CVE-2007-4322

CVSS 6.8 - MEDIUM

Description

BlockHosts before 2.0.4 does not properly parse (1) sshd and (2) vsftpd log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by connecting through ssh with a client protocol version identification containing an IP address string, or connecting through ftp with a username containing an IP address string, different vectors than CVE-2007-2765.

Affected Products

1

Vendor	Product	Version
ac_zoom	blockhosts	`2.0.4`

References

http://osvdb.org/36515

http://www.aczoom.com/tools/blockhosts/CHANGES

http://www.ossec.net/en/attacking-loganalysis.html

http://osvdb.org/36515

http://www.aczoom.com/tools/blockhosts/CHANGES

http://www.ossec.net/en/attacking-loganalysis.html

Weakness Types

NVD-CWE-Other

CVE Information

CVE ID:: CVE-2007-4322
Published:: 2007-08-14
Modified:: 2026-04-23
CVSS Score:: 6.8
Severity:: MEDIUM
Vector:: AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected Vendors

ac_zoom

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL