In short, using something like: ssh -l 'Invalid user root from 123.123.123.123' 21.21.21.21 can lead to blocking of 123.123.123.123 as the regex in denyhosts.py is not specific enough. https://bugzilla.redhat.com/show_bug.cgi?id=1045982 http://seclists.org/oss-sec/2013/q4/535 http://www.debian.org/security/2013/dsa-2826
Thanks for the report
CVE-2013-6890 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6890): denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login names.
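As an added illustration of the parsing flaw described above (not code from denyhosts or from the reporter), the following Python compares a loose regex written in the spirit of the vulnerable one against a hardened parser, run over constructed sshd log lines. The sshd line wording, the addresses and all function names are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sshd log lines (not taken from the bug report). The client in the
# first line sent the login name "Invalid user root from 203.0.113.7"; sshd then
# appended the real peer address, 198.51.100.9, at the end of the line.
INJECTED_LINE = ("Jan  6 12:00:00 host sshd[1234]: Invalid user "
                 "Invalid user root from 203.0.113.7 from 198.51.100.9")
NORMAL_LINE = "Jan  6 12:00:01 host sshd[1234]: Invalid user bob from 198.51.100.9"

# Loose pattern in the spirit of the vulnerable parser (constructed, not the
# exact denyhosts regex): the non-greedy user group stops at the FIRST
# " from ", so attacker-controlled text inside the user name supplies the host.
LOOSE_RE = re.compile(r"Invalid user (?P<user>.*?) from (?P<host>\S+)")

# Hardened pattern: the user name is free text, so let it be greedy and take the
# host only from the last " from <addr>" that sshd itself appends, anchored to
# the end of the line (an optional " port N" suffix is allowed).
STRICT_RE = re.compile(
    r"Invalid user (?P<user>.*) from (?P<host>[0-9A-Fa-f.:]+)(?: port \d+)?\s*$")


def parse_loose(line):
    """Return the host the loose regex would block, or None."""
    m = LOOSE_RE.search(line)
    return m.group("host") if m else None


def parse_strict(line):
    """Return the peer address only if it parses as a literal IP address."""
    m = STRICT_RE.search(line)
    if not m:
        return None
    try:
        return str(ipaddress.ip_address(m.group("host")))
    except ValueError:
        # The host field was not an IP literal: refuse to act on the line.
        return None


def hosts_to_block(lines, parser):
    """Deduplicated list of addresses a DenyHosts-style scanner would block."""
    seen = []
    for line in lines:
        host = parser(line)
        if host and host not in seen:
            seen.append(host)
    return seen


if __name__ == "__main__":
    lines = [INJECTED_LINE, NORMAL_LINE]
    print("loose :", hosts_to_block(lines, parse_loose))   # blocks the injected 203.0.113.7
    print("strict:", hosts_to_block(lines, parse_strict))  # blocks only the real peer
```

The loose parser blocks whatever address the remote client placed in the login name, which is the denial of service the CVE describes; the strict parser only ever blocks the address sshd itself recorded.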
+*denyhosts-2.6-r9 (06 Jan 2014) + + 06 Jan 2014; Christoph Junghans <ottxor@gentoo.org> +denyhosts-2.6-r9.ebuild, + +files/denyhosts-2.6-cve-2013-6890.patch, +files/denyhosts.init-r2, + metadata.xml: + fixed remote denial of ssh service (CVE-2013-6890, bug #495130), added purge + command to init.d script (bug #486730) and added me as maintainer +
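Review bot: this single revision bump mixes the CVE-2013-6890 regex fix with an unrelated init.d change (the new purge command for bug #486730) and a metadata.xml maintainer update. For a stabilization request driven by a security bug, keeping the init script change out of the -r9 revision would narrow what the arch teams have to test to the security fix itself; if they must ship together, the entry should at least say which file carries the regex change (files/denyhosts-2.6-cve-2013-6890.patch) and which carries the init.d change (files/denyhosts.init-r2).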
Arches, please test and stabilize: =app-admin/denyhosts-2.6-r9 Target arches: alpha amd64 arm hppa ppc sparc x86
amd64 stable
x86 stable
alpha stable
sparc stable
arm stable
ppc stable
Stable for HPPA.
@creffett: why ia64?
Unintentional, must have accidentally clicked it while selecting arches. @maintainers: please clean up, @security, voting time, GLSA vote: yes.
+ 09 Jan 2014; Christoph Junghans <ottxor@gentoo.org> -denyhosts-2.6-r8.ebuild: + remove vulnerable version (bug #495130) +
Maintainer(s), thank you for the cleanup! Security, please vote!
GLSA Vote: Yes. Created a new GLSA request.
This issue was resolved and addressed in GLSA 201406-23 at http://security.gentoo.org/glsa/glsa-201406-23.xml by GLSA coordinator Mikle Kolyada (Zlogene).