CVE-2007-4322 - Vulnerability Details - OpenCVE

BlockHosts before 2.0.4 does not properly parse (1) sshd and (2) vsftpd log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by connecting through ssh with a client protocol version identification containing an IP address string, or connecting through ftp with a username containing an IP address string, different vectors than CVE-2007-2765.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ac Zoom	Blockhosts

Configuration 1 [-]

cpe:2.3:a:ac_zoom:blockhosts:2.0.4:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/36515
http://www.aczoom.com/tools/blockhosts/CHANGES
http://www.ossec.net/en/attacking-loganalysis.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-08-14T00:00:00

Updated: 2024-08-07T14:53:55.640Z

Reserved: 2007-08-13T00:00:00

Link: CVE-2007-4322

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-08-14T00:17:00.000

Modified: 2024-11-21T00:35:18.903

Link: CVE-2007-4322

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-06-07T00:00:00", "descriptions": [{"lang": "en", "value": "BlockHosts before 2.0.4 does not properly parse (1) sshd and (2) vsftpd log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by connecting through ssh with a client protocol version identification containing an IP address string, or connecting through ftp with a username containing an IP address string, different vectors than CVE-2007-2765."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-10-31T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.aczoom.com/tools/blockhosts/CHANGES"}, {"tags": ["x_refsource_MISC"], "url": "http://www.ossec.net/en/attacking-loganalysis.html"}, {"name": "36515", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36515"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4322", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "BlockHosts before 2.0.4 does not properly parse (1) sshd and (2) vsftpd log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by connecting through ssh with a client protocol version identification containing an IP address string, or connecting through ftp with a username containing an IP address string, different vectors than CVE-2007-2765."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.aczoom.com/tools/blockhosts/CHANGES", "refsource": "CONFIRM", "url": "http://www.aczoom.com/tools/blockhosts/CHANGES"}, {"name": "http://www.ossec.net/en/attacking-loganalysis.html", "refsource": "MISC", "url": "http://www.ossec.net/en/attacking-loganalysis.html"}, {"name": "36515", "refsource": "OSVDB", "url": "http://osvdb.org/36515"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:53:55.640Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.aczoom.com/tools/blockhosts/CHANGES"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.ossec.net/en/attacking-loganalysis.html"}, {"name": "36515", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/36515"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4322", "datePublished": "2007-08-14T00:00:00", "dateReserved": "2007-08-13T00:00:00", "dateUpdated": "2024-08-07T14:53:55.640Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ac_zoom:blockhosts:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "7C232288-25E7-4AE3-9F17-B66B76BD5E41", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "BlockHosts before 2.0.4 does not properly parse (1) sshd and (2) vsftpd log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by connecting through ssh with a client protocol version identification containing an IP address string, or connecting through ftp with a username containing an IP address string, different vectors than CVE-2007-2765."}, {"lang": "es", "value": "BlockHosts anterior a 2.0.4 no analiza sint\u00e1cticamente de forma correcta los ficheros de log (1) sshd y (2) vsftpd, lo cual permite a atacantes remotos a\u00f1adir entradas de denegaci\u00f3n en el fichero /etc/hosts.allow y provocar una denegaci\u00f3n de servicio a\u00f1adiendo direcciones IP de su elecci\u00f3n a un fichero de log de demonio, como ha sido demostrado conect\u00e1ndose a trav\u00e9s de ssh con una identificaci\u00f3n de versi\u00f3n del protocolo del cliente que contiene una cadena con la direcci\u00f3n IP, o conect\u00e1ndose a trav\u00e9s de ftp con un nombre de usuario que contiene una cadena con la direcci\u00f3n IP, vectores diferentes de CVE-2007-2765."}], "id": "CVE-2007-4322", "lastModified": "2024-11-21T00:35:18.903", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-08-14T00:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/36515"}, {"source": "cve@mitre.org", "url": "http://www.aczoom.com/tools/blockhosts/CHANGES"}, {"source": "cve@mitre.org", "url": "http://www.ossec.net/en/attacking-loganalysis.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/36515"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.aczoom.com/tools/blockhosts/CHANGES"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ossec.net/en/attacking-loganalysis.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}