Hi Tavis,
Reply inline.
On 6/7/07, Tavis Ormandy <[EMAIL PROTECTED]> wrote:
> These aren't exactly "0-day", I discussed several of these attacks last
> year, such as CVE-2006-6301, and informed the authors that there were
> undoubtedly more attacks against these tools. This topic is a favourite
On Wed, Jun 06, 2007 at 05:13:54PM -0300, Daniel Cid wrote:
> DenyHosts, Fail2ban and BlockHosts are vulnerable to remote log injection
> that can lead to arbitrarily injection of IP addresses in /etc/hosts.deny. To
> make it more "interesting", not only IP addresses can be added, but
> also the wi
Hi List,
DenyHosts, Fail2ban and BlockHosts are vulnerable to remote log injection
that can lead to arbitrarily injection of IP addresses in /etc/hosts.deny. To
make it more "interesting", not only IP addresses can be added, but
also the wild card "all", causing it to block the whole Internet out
