CVE-2013-6890

Debian Linux - Authentication Bypass

Title source: rule

Description

denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login names.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Helmut Grohne · textdoslinux

https://www.exploit-db.com/exploits/38909

View Code ZIP pw:eip

References (4)

[Mailing List] http://seclists.org/oss-sec/2013/q4/535

[Vendor Advisory] http://secunia.com/advisories/56239

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=1045982

[Third Party Advisory] http://www.debian.org/security/2013/dsa-2826

Scores

EPSS 0.1097

EPSS Percentile 93.3%

Classification

CWE

CWE-287

Status draft

Affected Products (5)

debian/debian_linux

fedoraproject/fedora

phil_schwartz/denyhosts

Timeline

Published Dec 23, 2013

Tracked Since Feb 18, 2026