Kloxo HostInABox 575 - remotely block any - or every - IP addr in hosts.deny



DESCRIPTION


Remote, unauthenticated users can cause any IP addr(s) to get blocked by lxguard, via a crafted ssh username.



IMPACT


Remote users could cause applications that are linked to tcpwrappers to block incoming connections from any host of their choice.

[user@host ~]$ ssh -l 'password for test from ALL' x.x.x.x

where "x.x.x.x" is the remote host running sshd and Kloxo, and "test" is simply an example username. When the attacker exceeds the threshold for failed login attempts, lxguard will add 'ALL : ALL' to /etc/hosts.deny.