FS#9422 - Denyhosts remote log injection vulnerability
Attached to Project: Arch Linux
Opened by Borromini (Borromini) - Friday, 01 February 2008, 01:46 GMT
Last edited by Simo Leone (neotuli) - Tuesday, 12 February 2008, 01:20 GMT
Details
Denyhosts is vulnerable to a remote log injection - read here: http://www.ossec.net/en/attacking-loganalysis.html.

Additional info: Denyhosts version 2.6-1

Steps to reproduce: See the URL

Fix: Apply the patch in attachment.

This problem has existed for a while, since (at least) April 2007!
Closed by Simo Leone (neotuli)
Tuesday, 12 February 2008, 01:20 GMT
Reason for closing: Fixed
Additional comments about closing: denyhosts-2.6-3
I've updated the denyhosts package with the patch attached to this bug, but I'm gonna leave the bug open until I look at the other regexps a bit closer and more awake. If someone else could maybe take a look, that'd rock as well.