History: May 18, 2007 - 10:30 p.m.

CVE-2007-2765

2007-05-18 22:30:00
web.nvd.nist.gov
information security, cve-2007-2765, blockhosts, denial of service, remote attackers, log file parsing, regular expression

CVSS2: 6.8 Medium (AV:N/AC:L/Au:S/C:N/I:N/A:C)
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

AI Score: 6.9 Medium (Confidence: High)

EPSS: 0.051 Low (Percentile: 93.0%)

blockhosts.py in BlockHosts before 2.0.3 does not properly parse daemon log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by logging in through ssh using a login name containing certain strings with an IP address, which is not properly handled by a regular expression, a related issue to CVE-2006-6301.

Affected configurations

NVD
Node: ac_zoom blockhosts, Range: 2.0.2
