
Annotation of /updates/3/denyhosts/current/SOURCES/denyhosts-2.6-deb-CVE-2013-6890-fix-dos.patch



Revision 560116 - (hide annotations) (download)
Mon Dec 23 14:05:06 2013 UTC (10 years, 4 months ago) by solbu
File size: 3565 byte(s)
- Security fix for CVE-2013-6890 (mga#12092)
1 solbu 560116 Subject: address remote denial of service CVE-2013-6890
2     From: Helmut Grohne <helmut@subdivi.de>
3    
4     ssh -l 'Invalid user root from 123.123.123.123' 21.21.21.21
5    
6     results in the log lines
7    
8     sshd[123]: Invalid user Invalid user root from 123.123.123.123 from 21.21.21.21
9     sshd[123]: input_userauth_request: invalid user Invalid user root from 123.123.123.123 [preauth]
10     sshd[123]: Connection closed by 21.21.21.21 [preauth]
11    
12     and causes denyhosts to block both ips 21.21.21.21 and 123.123.123.123.
13    
14     This patch tightens the regular expressions used to avoid these and similar
15     injections.
16    
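--- a/DenyHosts/regex.py
+++ b/DenyHosts/regex.py
@@ -6,22 +6,22 @@
 
 #DATE_FORMAT_REGEX = re.compile(r"""(?P<month>[A-z]{3,3})\s*(?P<day>\d+)""")
 
-SSHD_FORMAT_REGEX = re.compile(r""".* (sshd.*:|\[sshd\]) (?P<message>.*)""")
+SSHD_FORMAT_REGEX = re.compile(r""".*? (sshd.*?:|\[sshd\]) (?P<message>.*)""")
 #SSHD_FORMAT_REGEX = re.compile(r""".* sshd.*: (?P<message>.*)""")
 
-FAILED_ENTRY_REGEX = re.compile(r"""Failed (?P<method>.*) for (?P<invalid>invalid user |illegal user )?(?P<user>.*?) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
+FAILED_ENTRY_REGEX = re.compile(r"""Failed (?P<method>\S*) for (?P<invalid>invalid user |illegal user )?(?P<user>.*) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""")
 
-FAILED_ENTRY_REGEX2 = re.compile(r"""(?P<invalid>(Illegal|Invalid)) user (?P<user>.*?) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
+FAILED_ENTRY_REGEX2 = re.compile(r"""(?P<invalid>(Illegal|Invalid)) user (?P<user>.*) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""")
 
-FAILED_ENTRY_REGEX3 = re.compile(r"""Authentication failure for (?P<user>.*) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
+FAILED_ENTRY_REGEX3 = None
 
-FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P<user>.*) .*from (?P<host>.*)""")
+FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P<user>.*) from (::ffff:)?(?P<host>\S+)$""")
 
-FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) .*from (?P<host>.*) not allowed because none of user's groups are listed in AllowGroups$""")
+FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) from (::ffff:)?(?P<host>\S+) not allowed because none of user's groups are listed in AllowGroups$""")
 
-FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
+FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""")
 
-FAILED_ENTRY_REGEX7 = re.compile(r"""User (?P<user>.*) from (?P<host>.*) not allowed because not listed in AllowUsers""")
+FAILED_ENTRY_REGEX7 = re.compile(r"""User (?P<user>.*) from (::ffff:)?(?P<host>\S+) not allowed because not listed in AllowUsers$""")
 
 
 # these are reserved for future versions
@@ -42,7 +42,7 @@
 FAILED_ENTRY_REGEX_MAP[i] = rx
 
 
-SUCCESSFUL_ENTRY_REGEX = re.compile(r"""Accepted (?P<method>.*) for (?P<user>.*?) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
+SUCCESSFUL_ENTRY_REGEX = re.compile(r"""Accepted (?P<method>\S+) for (?P<user>.*?) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""")
 
 TIME_SPEC_REGEX = re.compile(r"""(?P<units>\d*)\s*(?P<period>[smhdwy])?""")
 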
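Review bot: The `$` placed directly after the IPv4 group in the new FAILED_ENTRY_REGEX and SUCCESSFUL_ENTRY_REGEX looks too strict. sshd commonly ends its "Failed ... for ..." and "Accepted ... for ..." messages with a ` port N ssh2` suffix; if that suffix reaches these patterns, such lines no longer match and failed logins would silently stop being counted. In that case the tail should allow it explicitly, e.g. end both patterns with `(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})( port \d+)?( ssh2)?$`. The log lines quoted in the patch description only show the "Invalid user" form, so a small test that feeds one real log line of each message type through the patterns would confirm which of them still match. `FAILED_ENTRY_REGEX3 = None` also deserves a comment saying why the slot is kept, e.g. `# superseded by FAILED_ENTRY_REGEX4; left as None to keep the numbering stable`; this is hedged, since the loop that fills FAILED_ENTRY_REGEX_MAP lies outside the visible hunks.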
