FS#9422 : Denyhosts remote log injection vulnerability

FS#9422 - Denyhosts remote log injection vulnerability

Attached to Project: Arch Linux
Opened by Borromini (Borromini) - Friday, 01 February 2008, 01:46 GMT
Last edited by Simo Leone (neotuli) - Tuesday, 12 February 2008, 01:20 GMT

Task Type	Bug Report
Category	Security
Status	Closed
Assigned To	Simo Leone (neotuli)
Architecture	All
Severity	Critical
Priority	Normal
Reported Version	2007.08-2
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	1 Roman Kyrylych (Romashka) (2008-02-01)
Private	No

Details

Denyhosts is vulnerable to a remote log injection - read here: http://www.ossec.net/en/attacking-loganalysis.html.

Additional info:
Denyhosts version 2.6-1

Steps to reproduce:
See the URL

Fix:
Apply the patch in attachment. This problem has been existing in the while since (at least) april 2007!

log-injection-fix.patch (0.7 KiB)

This task depends upon

Closed by Simo Leone (neotuli)
Tuesday, 12 February 2008, 01:20 GMT
Reason for closing: Fixed
Additional comments about closing: denyhosts-2.6-3

Comment by Borromini (Borromini) - Friday, 01 February 2008, 11:40 GMT

OK... In the while > In the wild *blushes*

Comment by Simo Leone (neotuli) - Tuesday, 05 February 2008, 09:06 GMT

I applied this patch, but it looks to me (at 3am and a quick glance) like the other regex's in the patched file aren't exactly immune to injection either. Leads me to wonder why the author of the linked article didn't mention them if indeed this is so.

I've updated the denyhosts package with the patch attached to this bug, but I'm gonna leave the bug open until I look at the other regexps a bit closer and more awake, if someone else could maybe take a look, that'd rock as well.

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#9422 - Denyhosts remote log injection vulnerability

Details

Loading...