Jason L Tibbitts III wrote: > So, you can make denyhosts block any host by logging in with a > username that looks like an IP address. Any quick fixes? > > http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6301
Not an issue, just look at what they say: "as demonstrated by loggig in to ssh using a login name containing certain strings with an IP address" And who is going to create a user in their system with "certain strings" and whatever? Answer: nobody. So they found a flaw, so what? is not exploitable just a fluke to brag about (for them) -- a waste of time for us. -- René Berber ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
