Executive Summary

Summary
Title: Fail2ban: Multiple vulnerabilities
Information
Name: GLSA-201406-03
Vendor: Gentoo
Severity (vendor): Normal
First vendor publication: 2014-06-01
Last vendor modification: 2014-06-01
Revision: N/A

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall, base, environmental, impact, temporal and exploitability sub-scores: N/A (no CVSS v3 scoring is available for this alert)

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS base score: 5
CVSS impact score: 2.9
CVSS exploit score: 10
Attack range: Network
Attack complexity: Low
Authentication: None required

Detail

Synopsis

Multiple vulnerabilities have been found in Fail2ban, the worst of which allows remote attackers to cause a Denial of Service condition.

Background

Fail2ban is a tool for parsing log files and banning IP addresses which show suspicious behavior.

Description

Multiple vulnerabilities have been discovered in Fail2ban. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could send a crafted URL to a web site which, when the resulting log entry is parsed by Fail2ban, would cause a specific IP address to be banned. Also, errors in regular expressions within certain filters can cause arbitrary IP addresses to be banned. Furthermore, a local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application.
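The filter weakness behind the first two impacts (CVE-2013-2178: the Apache filters in Fail2ban before 0.8.10 do not properly validate log messages) can be checked offline. The patterns below are an added illustration, not the advisory's or the Fail2ban project's code: the loose and strict regexes are simplified stand-ins for an unanchored apache-auth style filter and an anchored one, the named group `host` stands in for Fail2ban's `<HOST>` placeholder (an assumption about how Fail2ban expands it), and the log lines are constructed with RFC 5737 addresses.

```python
import re

# Named group standing in for Fail2ban's "<HOST>" placeholder (assumption:
# Fail2ban expands "<HOST>" into a host-matching group much like this one).
HOST = r"(?P<host>\S+)"

# Loose pattern in the spirit of the pre-0.8.10 apache-auth filter (simplified,
# not the exact shipped regex): nothing ties "[client ...]" to the log prefix,
# so re.search accepts the tag wherever it appears, including inside a request
# path that Apache copied verbatim into its error log.
LOOSE = r"\[client " + HOST + r"\] user \S+ authentication failure"

# Hardened pattern: anchored to the Apache error-log prefix, so only the
# client tag written by the server itself can supply the address to ban.
STRICT = (r"^\[[^\]]+\] \[error\] \[client " + HOST + r"\] "
          r"user \S+ authentication failure")

# Constructed sample lines. The second one is what Apache would log when the
# real client 192.0.2.9 requests a non-existent path whose decoded text
# imitates an auth-failure message naming a victim address.
GENUINE = ('[Sun Jun 01 10:00:00 2014] [error] [client 198.51.100.7] '
           'user bob: authentication failure for "/private": Password Mismatch')
INJECTED = ('[Sun Jun 01 10:00:01 2014] [error] [client 192.0.2.9] '
            'File does not exist: /var/www/[client 203.0.113.5] '
            'user x: authentication failure')


def extract_host(pattern, line):
    """Return the address the filter would hand to the ban action, or None."""
    m = re.search(pattern, line)
    return m.group("host") if m else None


def audit_filter(pattern, lines):
    """Host the filter would ban for each line, in order (None = ignored)."""
    return [extract_host(pattern, line) for line in lines]


if __name__ == "__main__":
    for name, pattern in (("loose", LOOSE), ("strict", STRICT)):
        print(f"--- {name} filter ---")
        for line, host in zip([GENUINE, INJECTED], audit_filter(pattern, [GENUINE, INJECTED])):
            print(f"{str(host):>14}  <- {line[:58]}...")
```

The loose filter reports 203.0.113.5 for the second line even though that address never connected; the anchored filter ignores the line because its prefix does not describe an authentication failure at all.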

Workaround

There is no known workaround at this time.

Resolution

All Fail2ban users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/fail2ban-0.8.12"

References

[ 1 ] CVE-2009-5023 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5023
[ 2 ] CVE-2013-2178 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2178
[ 3 ] CVE-2013-7176 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7176

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201406-03.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201406-03.xml

CWE : Common Weakness Enumeration

%     Id      Name
67 %  CWE-20  Improper Input Validation
33 %  CWE-59  Improper Link Resolution Before File Access ('Link Following')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:17338
Title: DoS for arbitrary chosen IP addresses
Description: The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request.
Family: unix
Class: vulnerability
Reference(s): CVE-2013-2178
Version: 7
Platform(s): openSUSE 11.4, openSUSE 12.2, openSUSE 12.3

Definition Id: oval:org.mitre.oval:def:19590
Title: DSA-2708-1 fail2ban - denial of service
Description: Krzysztof Katowicz-Kowalewski discovered a vulnerability in Fail2ban, a log monitoring system which can act on attacks by preventing hosts from connecting to specified services using the local firewall.
Family: unix
Class: patch
Reference(s): DSA-2708-1, CVE-2013-2178
Version: 5
Platform(s): Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
Product(s): fail2ban

CPE : Common Platform Enumeration

Type         Count
Application  38

Open Source Vulnerability Database (OSVDB)

Id Description
74931 Fail2ban Multiple Temporary File Symlink Arbitrary File Append

Nessus® Vulnerability Scanner

Date Description
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-21.nasl - Type : ACT_GATHER_INFO
2014-07-18 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2979.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-544.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-194.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_fail2ban-111019.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_fail2ban-111019.nasl - Type : ACT_GATHER_INFO
2014-06-02 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201406-03.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-209.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Fedora host is missing a security update.
File : fedora_2013-10806.nasl - Type : ACT_GATHER_INFO
2013-07-03 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2013-191.nasl - Type : ACT_GATHER_INFO
2013-06-17 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2708.nasl - Type : ACT_GATHER_INFO

Alert History

Date Informations
2014-06-10 21:28:11
  • Multiple Updates
2014-06-03 13:23:33
  • Multiple Updates
2014-06-01 21:21:08
  • First insertion