CVE-2007-5715

DenyHosts 2.6 processes OpenSSH sshd "not listed in AllowUsers" log messages with an incorrect regular expression that does not match an IP address, which might allow remote attackers to avoid detection and blocking when making invalid login attempts with a username not present in AllowUsers, as demonstrated by the root username, a different vulnerability than CVE-2007-4323.

Published: Oct 30, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-5715
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-16

OWASP TOP 10:

A6 - Security Misconfiguration

Affected Software
References

Software	From	Fixed in
denyhosts / denyhosts	2.6	2.6.x

http://bugs.gentoo.org/show_bug.cgi?id=181213
http://osvdb.org/45298
https://bugzilla.redhat.com/show_bug.cgi?id=237449

Vulnerability Database

290,301

CVE-2007-5715