BlockHosts Remote Denial of Service Vulnerability

TITLE: BlockHosts Remote Denial of Service Vulnerability
CLASS: Design Error
CVE: CVE-2007-2765

REMOTE: Yes
LOCAL: No
PUBLISHED: May 22 2007 12:00AM
UPDATE: Jun 07 2007 03:10AM
CREDIT: The vendor reported this issue.
VULNERABLE:
ACZoom BlockHosts 2.0.2

NOT VULNERABLE:
ACZoom BlockHosts 2.0.3

Go to the original page on Security Focus

Discussion

BlockHosts is prone to a remote denial-of-service vulnerability because the application fails to properly validate the source of authentication failure messages.

Successfully exploiting this issue allows remote attackers to add arbitrary IP addresses to the block list used by the application. This allows attackers to deny further SSH network access to arbitrary IP addresses, denying service to legitimate users.

Versions of BlockHosts prior to 2.0.3 are vulnerable to this issue.
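The advisory does not describe the message format involved, so the following is an added illustration of the general class rather than BlockHosts' own code: a log-driven blocker that takes the offending address from text a remote client can influence. The sshd-style log lines are constructed, and the parser names (`weak_extract`, `strict_extract`, `suspicious_user_field`, `block_list`) are this example's own. The weak extractor takes the first `from <address>` it finds anywhere in a failure record; the hardened one requires the whole line to match the record layout, reads the address only from the trailing fields the daemon itself appends, and validates it as an IP address. A third function flags records whose username field imitates another log record, which is the kind of check a defender would want to alert on.

```python
"""Weak versus hardened extraction of client addresses from auth-failure logs.

Added example; not BlockHosts' own code. All log lines below are constructed.
"""
import ipaddress
import re
from collections import Counter

# Constructed sample sshd log lines. The second line's username field carries
# text that imitates another failure record naming 192.0.2.50; the client that
# actually produced the line is 198.51.100.7.
SAMPLE_LOG = [
    "May 22 00:00:01 host sshd[1234]: Failed password for invalid user admin "
    "from 198.51.100.7 port 4022 ssh2",
    "May 22 00:00:02 host sshd[1235]: Failed password for invalid user "
    "Failed password for root from 192.0.2.50 port 22 ssh2 "
    "from 198.51.100.7 port 4023 ssh2",
    "May 22 00:00:03 host sshd[1236]: Accepted publickey for alice "
    "from 203.0.113.9 port 5000 ssh2",
    "May 22 00:00:04 host sshd[1237]: Failed password for bob "
    "from 198.51.100.7 port 4024 ssh2",
]

# Weak parser: the first "from <token>" after the failure marker is taken as the
# offending address, so text inside the username field can supply it.
_WEAK = re.compile(r"Failed password for .*?from (\S+)")


def weak_extract(line):
    """Return whatever follows the first 'from' in a failure record."""
    m = _WEAK.search(line)
    return m.group(1) if m else None


# Hardened parser: the entire line must match the record layout, the address is
# read only from the trailing "from <ip> port <n> ssh2" fields, and it must
# parse as an IP address. The greedy user group pushes 'from' to the last one.
_STRICT = re.compile(
    r"^[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+ ssh2$"
)


def strict_extract(line):
    """Return the validated client address of a well-formed failure record."""
    m = _STRICT.match(line)
    if not m:
        return None
    try:
        return str(ipaddress.ip_address(m.group("ip")))
    except ValueError:
        return None


def suspicious_user_field(line):
    """Flag records whose client-supplied username imitates a log record."""
    m = _STRICT.match(line)
    return bool(m) and re.search(r"\bfrom \S+ port \d+", m.group("user")) is not None


def block_list(lines, extract, threshold=1):
    """Addresses an extractor-driven blocker would ban after `threshold` failures."""
    counts = Counter(ip for ip in map(extract, lines) if ip)
    return {ip for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    print("weak  :", sorted(block_list(SAMPLE_LOG, weak_extract)))
    print("strict:", sorted(block_list(SAMPLE_LOG, strict_extract)))
    for line in SAMPLE_LOG:
        if suspicious_user_field(line):
            print("suspicious record:", line)
```

Run as a script, the weak extractor bans both 198.51.100.7 and the innocent 192.0.2.50, while the strict one bans only the address the daemon recorded and the second line is reported as suspicious. Anchoring to the full record layout is what matters: a substring search cannot tell daemon-written fields from client-supplied ones, whereas a full-line match with the address in the daemon's own trailing fields can.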

Exploit

Attackers use standard SSH-client software to exploit this issue.

Solution

The vendor released an update to address this issue. Please see the references for more information.



References

PhpLog

BNLug Benevento Linux Users Group