Executive Summary
Summary | |
---|---|
Title | Fail2ban postfix and cyrus-imap filters contain denial-of-service vulnerabilities |
Information | |||
---|---|---|---|
Name | VU#686662 | First vendor Publication | 2014-01-28 |
Vendor | VU-CERT | Last vendor Modification | 2014-01-28 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Vulnerability Note VU#686662
Fail2ban postfix and cyrus-imap filters contain denial-of-service vulnerabilities
Overview
Fail2ban versions prior to 0.8.11 are susceptible to a denial-of-service attack when a maliciously crafted email address is parsed by the postfix or cyrus-imap filters. If users have not deployed either of these filters then they are not affected.
Description
Impact
Solution
Vendor Information
CVSS Metrics
References
Credit
Thanks to Steven Hiscocks for reporting this vulnerability. This document was written by Jared Allar.
Other Information
Original Source
Url : http://www.kb.cert.org/vuls/id/686662 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:25099 | |||
Oval ID: | oval:org.mitre.oval:def:25099 | ||
Title: | DSA-2979-1 -- fail2ban - security update | ||
Description: | Two vulnerabilities were discovered in Fail2ban, a solution to ban hosts that cause multiple authentication errors. When using Fail2ban to monitor Postfix or Cyrus IMAP logs, improper input validation in log parsing could enable a remote attacker to trigger an IP ban on arbitrary addresses, resulting in denial of service. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2979-1 CVE-2013-7176 CVE-2013-7177 | Version: | 5 |
Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | fail2ban |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-03-26 | Name : The remote Debian host is missing a security update. File : debian_DLA-21.nasl - Type : ACT_GATHER_INFO |
2014-07-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2979.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-194.nasl - Type : ACT_GATHER_INFO |
2014-06-02 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-03.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-03 21:24:35 | |
2014-02-01 21:23:41 | |
2014-01-28 17:18:18 | |