Public bug reported:

Binary package hint: denyhosts

DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=7.10
DISTRIB_CODENAME=gutsy
DISTRIB_DESCRIPTION="Ubuntu 7.10"

Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-f/Unpacked/Failed-cfg/Half-inst/t-aWait/T-pend
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name           Version        Description
+++-==============-==============-================================================
ii  denyhosts      2.6-2.1        an utility to help sys admins thwart ssh 
hackers


After failed login attempts from a previously unknown host, "denyhosts" will 
submit the host's IP address to a centrally-maintained list. (This is referred 
to as "sync"). This occasionally fails with an exception thrown, the logs 
contain this:

--------
2008-02-01 08:56:11,498 - denyhosts   : INFO     new denied hosts: 
['190.129.118.1']
2008-02-01 10:04:44,116 - sync        : ERROR    <Fault 1: 
'_mysql_exceptions.OperationalError:(1054, "Unknown column \'None\' in \'field 
list\'")'>
Traceback (most recent call last):
  File "/usr/share/denyhosts/DenyHosts/sync.py", line 100, in __send_new_hosts
    self.__server.add_hosts(hosts)
  File "xmlrpclib.py", line 1147, in __call__
    return self.__send(self.__name, args)
  File "xmlrpclib.py", line 1437, in __request
    verbose=self.__verbose
  File "xmlrpclib.py", line 1201, in request
    return self._parse_response(h.getfile(), sock)
  File "xmlrpclib.py", line 1340, in _parse_response
    return u.close()
  File "xmlrpclib.py", line 787, in close
    raise Fault(**self._stack[0])
Fault: <Fault 1: '_mysql_exceptions.OperationalError:(1054, "Unknown column 
\'None\' in \'field list\'")'>
2008-02-01 10:04:44,227 - sync        : INFO     sent 1 new host
--------

The log claims "sent 1 new host", but I don't believe that the send
succeeded.

I don't consider this a security vuln, as denyhosts *does* deny
subsequent connection attempts. The bug only prevents the submission of
the hacker to the central database.

This is denyhosts version 2.6-2.1, Python version 2.5.1.

** Affects: denyhosts (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: denyhosts (Debian)
     Importance: Unknown
         Status: Unknown

** Bug watch added: Debian Bug tracker #436417
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=436417

** Also affects: denyhosts (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=436417
   Importance: Unknown
       Status: Unknown

-- 
denyhosts - exception thrown from "__send_new_hosts"
https://bugs.launchpad.net/bugs/188314
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to