Executive Summary

Summary

Title: Fail2ban postfix and cyrus-imap filters contain denial-of-service vulnerabilities

Information

Name: VU#686662
Vendor: VU-CERT
Severity (Vendor): N/A
First vendor publication: 2014-01-28
Last vendor modification: 2014-01-28
Revision: M

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: N/A
Base score: N/A
Impact subscore: N/A
Exploitability subscore: N/A
Temporal score: N/A
Environmental score: N/A

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS base score: 5.0
CVSS impact subscore: 2.9
CVSS exploitability subscore: 10.0
Attack range: Network
Attack complexity: Low
Authentication: None required

Detail

Vulnerability Note VU#686662

Fail2ban postfix and cyrus-imap filters contain denial-of-service vulnerabilities

Original Release date: 28 Jan 2014 | Last revised: 28 Jan 2014

Overview

Fail2ban versions prior to 0.8.11 are susceptible to a denial-of-service attack when a maliciously crafted email address is parsed by the postfix or cyrus-imap filters. If users have not deployed either of these filters then they are not affected.

Description

Fail2ban versions prior to 0.8.11 are susceptible to a denial-of-service attack when a maliciously crafted email address is parsed by the postfix or cyrus-imap filters. Because the crafted address is written to the mail server's log and the filters' regular expressions parse that log too loosely, the attacker can influence which IP address Fail2ban extracts from the line, and so cause arbitrary IP addresses to be blocked by fail2ban.

CVE-2013-7177: cyrus-imap
https://github.com/fail2ban/fail2ban/commit/bd175f026737d66e7110868fb50b3760ff75e087

CVE-2013-7176: postfix
https://github.com/fail2ban/fail2ban/commit/eb2f0c927257120dfc32d2450fd63f1962f38821
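
The following is an added example, not fail2ban's own code and not the text of the patched filters: it models the bug class the note describes with two simplified Postfix failregexes, a permissive one and a conservative one, run over constructed reject lines. The `<HOST>` expansion is quoted from memory of the 0.8 series, and the two regexes, the sample lines and the assumption that Postfix logs a quoted local part verbatim are all assumptions made for this example; the real changed definitions are in the two commits linked above.

```python
import re

# fail2ban 0.8 expands the <HOST> tag in a failregex to this named group
# (quoted from memory of the 0.8 series; treat the exact text as an assumption).
HOST_RE = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]*\w)"

# Two illustrative failregexes for Postfix "NOQUEUE: reject" lines. They are
# stand-ins written for this example, not the filter.d/postfix.conf entries
# that the referenced commit changed.
#
# Permissive: ".*" may absorb anything between "from " and the bracketed client
# address, so the match is free to re-anchor on a later "[ip]: 554 5.7.1" that
# an attacker smuggled into the line through a crafted email address.
PERMISSIVE = r"^NOQUEUE: reject: RCPT from .*\[<HOST>\]: 554 5\.7\.1 .*$"

# Conservative: the client name is restricted to hostname characters, so the
# bracketed address that follows it can only be the one Postfix wrote there.
CONSERVATIVE = r"^NOQUEUE: reject: RCPT from [-._\w]+\[<HOST>\]: 554 5\.7\.1 .*$"


def compile_failregex(pattern):
    """Substitute <HOST> the way fail2ban does, then compile the result."""
    return re.compile(pattern.replace("<HOST>", HOST_RE))


def extract_host(pattern, line):
    """Return the IP the filter would hand to the ban action, or None."""
    m = compile_failregex(pattern).search(line)
    return m.group("host") if m else None


def hosts_to_ban(pattern, lines):
    """Distinct hosts a filter would ban after reading the given log lines."""
    found = [extract_host(pattern, ln) for ln in lines]
    return sorted({h for h in found if h})


# Constructed sample lines (not real captures), with the syslog prefix already
# stripped as fail2ban does before matching. The connecting client is
# 203.0.113.5. In the second line the recipient address uses an RFC 5321
# quoted local part that imitates a client field naming 198.51.100.9; the
# assumption is that Postfix logs the address as supplied.
NORMAL = (
    "NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 "
    "<bob@example.net>: Recipient address rejected: Access denied; "
    "from=<alice@example.org> to=<bob@example.net> proto=ESMTP helo=<mx>"
)
CRAFTED = (
    "NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 "
    '<"x[198.51.100.9]: 554 5.7.1 "@example.net>: Recipient address rejected: '
    "Access denied; from=<alice@example.org> "
    'to=<"x[198.51.100.9]: 554 5.7.1 "@example.net> proto=ESMTP helo=<mx>'
)

if __name__ == "__main__":
    for name, pat in (("permissive", PERMISSIVE), ("conservative", CONSERVATIVE)):
        print(f"{name:12s} normal  -> {extract_host(pat, NORMAL)}")
        print(f"{name:12s} crafted -> {extract_host(pat, CRAFTED)}")
```

With the permissive pattern the crafted line yields 198.51.100.9, an address the attacker never connected from, while the conservative pattern yields the real client 203.0.113.5 for both lines. The same check can be run against a deployed filter with fail2ban's own `fail2ban-regex` tool, feeding it a log line containing an attacker-controlled field and confirming that the reported host is the connecting client.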

Impact

A remote unauthenticated attacker may cause arbitrary IP addresses to be blocked by Fail2ban causing legitimate users to be blocked from accessing services protected by Fail2ban.

Solution

Apply an Update

Fail2ban 0.8.11 addresses both vulnerabilities. Users are advised to upgrade to Fail2ban 0.8.11 or later.

Vendor Information

Vendor    Status    Date Notified  Date Updated
Fail2ban  Affected  -              23 Jan 2014

CVSS Metrics

Group          Score  Vector
Base           7.8    AV:N/AC:L/Au:N/C:N/I:N/A:C
Temporal       6.4    E:F/RL:OF/RC:C
Environmental  4.8    CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

CERT rates the availability impact as complete (A:C, base 7.8), whereas the Security-Database CVSS v2 vector above rates it as partial (A:P, base 5.0); the exploitability metrics (network, low complexity, no authentication) agree.

References

  • http://www.fail2ban.org
  • https://github.com/fail2ban/fail2ban/commit/bd175f026737d66e7110868fb50b3760ff75e087
  • https://github.com/fail2ban/fail2ban/commit/eb2f0c927257120dfc32d2450fd63f1962f38821

Credit

Thanks to Steven Hiscocks for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

  • CVE IDs: CVE-2013-7176, CVE-2013-7177
  • Date Public: 20 Jan 2014
  • Date First Published: 28 Jan 2014
  • Date Last Updated: 28 Jan 2014
  • Document Revision: 13


Original Source

Url : http://www.kb.cert.org/vuls/id/686662

CWE : Common Weakness Enumeration

Id      Name                       Share
CWE-20  Improper Input Validation  100 %

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:25099
 
Oval ID: oval:org.mitre.oval:def:25099
Title: DSA-2979-1 -- fail2ban - security update
Description: Two vulnerabilities were discovered in Fail2ban, a solution to ban hosts that cause multiple authentication errors. When using Fail2ban to monitor Postfix or Cyrus IMAP logs, improper input validation in log parsing could enable a remote attacker to trigger an IP ban on arbitrary addresses, resulting in denial of service.
Family: unix Class: patch
Reference(s): DSA-2979-1
CVE-2013-7176
CVE-2013-7177
Version: 5
Platform(s): Debian GNU/Linux 7, Debian GNU/kFreeBSD 7
Product(s): fail2ban
Definition Synopsis:

CPE : Common Platform Enumeration

Type         Count
Application  38

Nessus® Vulnerability Scanner

Date        Plugin file                 Type             Name
2015-03-26  debian_DLA-21.nasl          ACT_GATHER_INFO  The remote Debian host is missing a security update.
2014-07-18  debian_DSA-2979.nasl        ACT_GATHER_INFO  The remote Debian host is missing a security-related update.
2014-06-13  openSUSE-2014-194.nasl      ACT_GATHER_INFO  The remote openSUSE host is missing a security update.
2014-06-02  gentoo_GLSA-201406-03.nasl  ACT_GATHER_INFO  The remote Gentoo host is missing one or more security-related patches.

Alert History

Date Informations
2014-02-03 21:24:35
  • Multiple Updates
2014-02-01 21:23:41
  • Multiple Updates
2014-01-28 17:18:18
  • First insertion