From: Kevin Z. <kev...@gm...> - 2025-04-27 19:42:27
Hi all,

The Common Log Format (CLF, or web) parser in 2.5.0 has a defect that can lead to a denial of service.

Affected Versions

2.5.0

Problem

The quoted string parser echoes characters from an unterminated quoted string to standard output due to a lex built-in default rule.

Impact

Attackers making long HTTP requests that cause the log line to exceed 1000 characters may cause sshg-blocker to exit, resulting in SSHGuard not running. Additionally, a specially-crafted invalid HTTP request may allow a remote attacker to trigger SSHGuard to block an attacker-specified address, resulting in targeted denial of service.

Workaround

Do not use SSHGuard 2.5.0 to parse CLF/web logs. If your sshguard.conf does not have FILES set to a log path containing CLF logs, then you are not affected.

Solution

A patch to correct this problem has already been committed to Git. Additionally, we expect to release a bug fix release 2.5.1 shortly. If you will be impacted, do not upgrade to 2.5.0 and wait for 2.5.1. Those running 2.5.0 should follow the "Workaround" or downgrade.

Regards,
Kevin
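
One way to check the "Workaround" condition on a host running 2.5.0, as an added example that is not part of the original message or of SSHGuard's code: it reads the FILES assignment from sshguard.conf, reports which listed files contain CLF-shaped lines, and counts lines over 1000 characters or with an unclosed quoted field. It assumes FILES is a shell-style assignment; the CLF regex, the odd-quote heuristic and the sample configuration and log lines are constructed for this example.

```python
import re
import shlex

MAX_LEN = 1000  # line length named in the advisory
# Assumed CLF shape: host ident user [timestamp] "request ...
CLF_RE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "')

def files_from_conf(conf_text):
    """Paths in the FILES= assignment of an sshguard.conf (shell syntax)."""
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith("FILES="):
            tokens = shlex.split(line[len("FILES="):], comments=True)
            return [p for tok in tokens for p in tok.split()]
    return []

def classify(line):
    """Flags for one log line: clf, long (> MAX_LEN), unterminated quote."""
    if not CLF_RE.match(line):
        return set()
    flags = {"clf"}
    if len(line) > MAX_LEN:
        flags.add("long")
    # Heuristic (assumption): an odd number of unescaped double quotes
    # means a quoted field was never closed.
    if len(re.findall(r'(?<!\\)"', line)) % 2:
        flags.add("unterminated")
    return flags

def audit(conf_text, read_lines):
    """Per-path flag counts; read_lines(path) returns that file's lines."""
    report = {}
    for path in files_from_conf(conf_text):
        counts = {"clf": 0, "long": 0, "unterminated": 0}
        for line in read_lines(path):
            for flag in classify(line.rstrip("\n")):
                counts[flag] += 1
        report[path] = counts
    return report

# Constructed sample input (not a real configuration or real logs).
SAMPLE_CONF = '# constructed sample\nFILES="/var/log/auth.log /var/log/nginx/access.log"\n'
SAMPLE_LOGS = {
    "/var/log/auth.log": ["Apr 27 19:00:01 host sshd[123]: Failed password for root from 192.0.2.10 port 22 ssh2"],
    "/var/log/nginx/access.log": [
        '192.0.2.10 - - [27/Apr/2025:19:00:00 +0000] "GET / HTTP/1.1" 200 512',
        '192.0.2.11 - - [27/Apr/2025:19:00:01 +0000] "GET /' + "a" * 1200 + ' HTTP/1.1" 414 0',
        '192.0.2.12 - - [27/Apr/2025:19:00:02 +0000] "GET /x',
    ],
}

if __name__ == "__main__":
    for path, counts in audit(SAMPLE_CONF, SAMPLE_LOGS.__getitem__).items():
        print(path, "CLF lines present" if counts["clf"] else "no CLF lines", counts)
```

To run it against a real host, pass the contents of sshguard.conf and a `read_lines` callable that opens each path; any file with a non-zero `clf` count falls under the workaround.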