Date:      Fri, 22 Jun 2007 10:45:12 GMT
From:      David Bestor <freebsd1@indenial.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/113942: Denyhosts 2.6  port has a DoS issue
Message-ID:  <200706221045.l5MAjC1T017670@www.freebsd.org>
Resent-Message-ID: <200706221050.l5MAo8pK020403@freefall.freebsd.org>


>Number:         113942
>Category:       ports
>Synopsis:       Denyhosts 2.6  port has a DoS issue
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jun 22 10:50:08 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     David Bestor
>Release:        FreeBSD 5.5
>Organization:
N/A
>Environment:
FreeBSD tbird.indenial.com 5.5-RELEASE-p12 FreeBSD 5.5-RELEASE-p12 #4: Fri Apr 27 06:49:24 EDT 2007     root@tbird.indenial.com:/usr/obj/usr/src/sys/TBIRD  i386
>Description:
Denyhosts in the ports has a serious bug.

See
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244943
see http://www.ossec.net/en/attacking-loganalysis.html#denyhosts

>How-To-Repeat:
see http://www.ossec.net/en/attacking-loganalysis.html#denyhosts
>Fix:
#############################################################
cd /usr/local/lib/python2.4/site-packages/DenyHosts/
diff -ruN regex.py.orig1 regex.py
#Make change below and
/usr/local/etc/rc.d/denyhosts.sh restart

--- regex.py.orig1      Thu Dec  7 14:47:04 2006
+++ regex.py    Thu Jun 21 19:18:09 2007
@@ -17,7 +17,7 @@

 FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P<user>.*) .*
from (?P<host>.*)""")

-FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) .*from (?P<host>.*) not
allowed because none of user's groups are listed in AllowGroups""")
+FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) .*from (?P<host>.*) not
allowed because none of user's groups are listed in AllowGroups$""")

 FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*fr
om (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
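
Review bot: In the changed FAILED_ENTRY_REGEX5 line, the added `$` anchors only the end of the pattern; the host is still captured with `(?P<host>.*)`, so whatever text sits between "from " and " not allowed because" is accepted as the host value. Suggest constraining that group to an address pattern, as FAILED_ENTRY_REGEX6 in the trailing context already does with `(::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})`, or to a strict hostname character class if hostnames can appear in the log. FAILED_ENTRY_REGEX4 in the leading context still ends in an unanchored `(?P<host>.*)` and is not touched by this patch, so it should be checked for the same weakness before the PR is closed.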

#############################################################


>Release-Note:
>Audit-Trail:
>Unformatted:


