Lucene search

Ubuntu.comUB:CVE-2007-5715

HistoryOct 30, 2007 - 12:00 a.m.

CVE-2007-5715

2007-10-3000:00:00

ubuntu.com

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.035 Low

EPSS

Percentile

91.6%

JSON

DenyHosts 2.6 processes OpenSSH sshd “not listed in AllowUsers” log
messages with an incorrect regular expression that does not match an IP
address, which might allow remote attackers to avoid detection and blocking
when making invalid login attempts with a username not present in
AllowUsers, as demonstrated by the root username, a different vulnerability
than CVE-2007-4323.

Bugs

<https://bugs.launchpad.net/ubuntu/+source/denyhosts/+bug/133569>

OSVersionArchitecturePackageVersionFilename
ubuntu6.10noarchdenyhosts< 2.5-3ubuntu0.1UNKNOWN
ubuntu7.04noarchdenyhosts< 2.6-1ubuntu0.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.10	noarch	denyhosts	< 2.5-3ubuntu0.1	UNKNOWN
ubuntu	7.04	noarch	denyhosts	< 2.6-1ubuntu0.1	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2007-5715

nvd.nist.gov/vuln/detail/CVE-2007-5715

security-tracker.debian.org/tracker/CVE-2007-5715

www.cve.org/CVERecord?id=CVE-2007-5715

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.035 Low

EPSS

Percentile

91.6%

JSON

Related for UB:CVE-2007-5715