All the vulnerabilites related to fail2ban - fail2ban
cve-2006-6302
Vulnerability from cvelistv5
Published
2006-12-06 19:00
Modified
2024-08-07 20:19
Severity ?
EPSS score ?
Summary
fail2ban 0.7.4 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containing certain strings with an IP address.
References
| ▼ | URL | Tags |
|---|---|---|
| http://security.gentoo.org/glsa/glsa-200702-05.xml | vendor-advisory, x_refsource_GENTOO | |
| http://bugs.gentoo.org/show_bug.cgi?id=157166 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/23237 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/24184 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/30739 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/21469 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2006/4877 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:19:35.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200702-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200702-05.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=157166"
},
{
"name": "23237",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23237"
},
{
"name": "24184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24184"
},
{
"name": "fail2ban-log-message-dos(30739)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30739"
},
{
"name": "21469",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21469"
},
{
"name": "ADV-2006-4877",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4877"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "fail2ban 0.7.4 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containing certain strings with an IP address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200702-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200702-05.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=157166"
},
{
"name": "23237",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23237"
},
{
"name": "24184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24184"
},
{
"name": "fail2ban-log-message-dos(30739)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30739"
},
{
"name": "21469",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21469"
},
{
"name": "ADV-2006-4877",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4877"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6302",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "fail2ban 0.7.4 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containing certain strings with an IP address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200702-05",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200702-05.xml"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=157166",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=157166"
},
{
"name": "23237",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23237"
},
{
"name": "24184",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24184"
},
{
"name": "fail2ban-log-message-dos(30739)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30739"
},
{
"name": "21469",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21469"
},
{
"name": "ADV-2006-4877",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4877"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6302",
"datePublished": "2006-12-06T19:00:00",
"dateReserved": "2006-12-05T00:00:00",
"dateUpdated": "2024-08-07T20:19:35.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-5023
Vulnerability from cvelistv5
Published
2014-06-10 14:00
Modified
2024-08-07 07:24
Severity ?
EPSS score ?
Summary
The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf, and (4) mynetwatchman.conf actions in action.d/ in Fail2ban before 0.8.5 allows local users to write to arbitrary files via a symlink attack on temporary files with predictable names, as demonstrated by /tmp/fail2ban-mail.txt.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/fail2ban/fail2ban/blob/sdist/0.8.5/ChangeLog | x_refsource_CONFIRM | |
| http://security.gentoo.org/glsa/glsa-201406-03.xml | vendor-advisory, x_refsource_GENTOO | |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=544232 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/58841 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:54.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/fail2ban/fail2ban/blob/sdist/0.8.5/ChangeLog"
},
{
"name": "GLSA-201406-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-03.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=544232"
},
{
"name": "58841",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58841"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf, and (4) mynetwatchman.conf actions in action.d/ in Fail2ban before 0.8.5 allows local users to write to arbitrary files via a symlink attack on temporary files with predictable names, as demonstrated by /tmp/fail2ban-mail.txt."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-10T13:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/fail2ban/fail2ban/blob/sdist/0.8.5/ChangeLog"
},
{
"name": "GLSA-201406-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-03.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=544232"
},
{
"name": "58841",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58841"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-5023",
"datePublished": "2014-06-10T14:00:00",
"dateReserved": "2010-12-09T00:00:00",
"dateUpdated": "2024-08-07T07:24:54.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-32749
Vulnerability from cvelistv5
Published
2021-07-16 00:00
Modified
2024-08-03 23:33
Severity ?
EPSS score ?
Summary
fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to possible remote code execution in the mailing action mail-whois. Command `mail` from mailutils package used in mail actions like `mail-whois` can execute command if unescaped sequences (`\n~`) are available in "foreign" input (for instance in whois output). To exploit the vulnerability, an attacker would need to insert malicious characters into the response sent by the whois server, either via a MITM attack or by taking over a whois server. The issue is patched in versions 0.10.7 and 0.11.3. As a workaround, one may avoid the usage of action `mail-whois` or patch the vulnerability manually.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:54.871Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/fail2ban/fail2ban/commit/2ed414ed09b3bb4c478abc9366a1ff22024a33c9"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/fail2ban/fail2ban/commit/410a6ce5c80dd981c22752da034f2529b5eee844"
},
{
"name": "FEDORA-2021-0ab8f6a19a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5WHJK2X2MR2WDYZMCW7COZXJDUSDYMY6/"
},
{
"name": "FEDORA-2021-a18b79d182",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZRYQ77MTX5WSV33VCJLK4KBKR55QZ7ZA/"
},
{
"name": "GLSA-202310-13",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202310-13"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "fail2ban",
"vendor": "fail2ban",
"versions": [
{
"status": "affected",
"version": "\u003c= 0.9.7"
},
{
"status": "affected",
"version": "\u003e= 0.10.0, \u003c= 0.10.6"
},
{
"status": "affected",
"version": "\u003e= 0.11.0, \u003c= 0.11.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to possible remote code execution in the mailing action mail-whois. Command `mail` from mailutils package used in mail actions like `mail-whois` can execute command if unescaped sequences (`\\n~`) are available in \"foreign\" input (for instance in whois output). To exploit the vulnerability, an attacker would need to insert malicious characters into the response sent by the whois server, either via a MITM attack or by taking over a whois server. The issue is patched in versions 0.10.7 and 0.11.3. As a workaround, one may avoid the usage of action `mail-whois` or patch the vulnerability manually."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-19T07:06:11.556870",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm"
},
{
"url": "https://github.com/fail2ban/fail2ban/commit/2ed414ed09b3bb4c478abc9366a1ff22024a33c9"
},
{
"url": "https://github.com/fail2ban/fail2ban/commit/410a6ce5c80dd981c22752da034f2529b5eee844"
},
{
"name": "FEDORA-2021-0ab8f6a19a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5WHJK2X2MR2WDYZMCW7COZXJDUSDYMY6/"
},
{
"name": "FEDORA-2021-a18b79d182",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZRYQ77MTX5WSV33VCJLK4KBKR55QZ7ZA/"
},
{
"name": "GLSA-202310-13",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202310-13"
}
],
"source": {
"advisory": "GHSA-m985-3f3v-cwmm",
"discovery": "UNKNOWN"
},
"title": "Possible RCE vulnerability in mailing action using mailutils (mail-whois)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32749",
"datePublished": "2021-07-16T00:00:00",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:33:54.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0362
Vulnerability from cvelistv5
Published
2009-02-13 01:00
Modified
2024-09-16 20:26
Severity ?
EPSS score ?
Summary
filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service (forced authentication failures) via a crafted reverse-resolved DNS name (rhost) entry that contains a substring that is interpreted as an IP address, a different vulnerability than CVE-2007-4321.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/33890 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/33734 | vdb-entry, x_refsource_BID | |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514163 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:31:26.044Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33890",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33890"
},
{
"name": "33734",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33734"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514163"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service (forced authentication failures) via a crafted reverse-resolved DNS name (rhost) entry that contains a substring that is interpreted as an IP address, a different vulnerability than CVE-2007-4321."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-13T01:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33890",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33890"
},
{
"name": "33734",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33734"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514163"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service (forced authentication failures) via a crafted reverse-resolved DNS name (rhost) entry that contains a substring that is interpreted as an IP address, a different vulnerability than CVE-2007-4321."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33890",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33890"
},
{
"name": "33734",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33734"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514163",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514163"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0362",
"datePublished": "2009-02-13T01:00:00Z",
"dateReserved": "2009-01-29T00:00:00Z",
"dateUpdated": "2024-09-16T20:26:16.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-2178
Vulnerability from cvelistv5
Published
2013-08-28 17:18
Modified
2024-08-06 15:27
Severity ?
EPSS score ?
Summary
The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17338 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.openwall.com/lists/oss-security/2013/06/13/7 | mailing-list, x_refsource_MLIST | |
| http://www.debian.org/security/2013/dsa-2708 | vendor-advisory, x_refsource_DEBIAN | |
| http://lists.opensuse.org/opensuse-updates/2014-03/msg00021.html | vendor-advisory, x_refsource_SUSE | |
| https://raw.github.com/fail2ban/fail2ban/master/ChangeLog | x_refsource_CONFIRM | |
| https://vndh.net/note:fail2ban-089-denial-service | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:27:41.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:17338",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17338"
},
{
"name": "[oss-security] 20130613 Re: Re: Fail2ban 0.8.9, Denial of Service (Apache rules only)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/06/13/7"
},
{
"name": "DSA-2708",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2708"
},
{
"name": "openSUSE-SU-2014:0348",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://raw.github.com/fail2ban/fail2ban/master/ChangeLog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vndh.net/note:fail2ban-089-denial-service"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "oval:org.mitre.oval:def:17338",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17338"
},
{
"name": "[oss-security] 20130613 Re: Re: Fail2ban 0.8.9, Denial of Service (Apache rules only)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/06/13/7"
},
{
"name": "DSA-2708",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2708"
},
{
"name": "openSUSE-SU-2014:0348",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://raw.github.com/fail2ban/fail2ban/master/ChangeLog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vndh.net/note:fail2ban-089-denial-service"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2178",
"datePublished": "2013-08-28T17:18:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:27:41.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-5642
Vulnerability from cvelistv5
Published
2012-12-31 11:00
Modified
2024-08-06 21:14
Severity ?
EPSS score ?
Summary
server/action.py in Fail2ban before 0.8.8 does not properly handle the content of the matches tag, which might allow remote attackers to trigger unsafe behavior in a custom action file via unspecified symbols in this content.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2012/12/17/2 | mailing-list, x_refsource_MLIST | |
| https://github.com/fail2ban/fail2ban/commit/83109bc | x_refsource_CONFIRM | |
| http://sourceforge.net/mailarchive/message.php?msg_id=30193056 | mailing-list, x_refsource_MLIST | |
| https://raw.github.com/fail2ban/fail2ban/master/ChangeLog | x_refsource_CONFIRM | |
| https://bugs.gentoo.org/show_bug.cgi?id=447572 | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-updates/2013-04/msg00002.html | vendor-advisory, x_refsource_SUSE | |
| https://bugzilla.redhat.com/show_bug.cgi?id=887914 | x_refsource_CONFIRM | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2013:078 | vendor-advisory, x_refsource_MANDRIVA | |
| http://lists.opensuse.org/opensuse-updates/2013-04/msg00001.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:16.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20121217 Re: CVE request: fail2ban 0.8.8 fixes an input variable quoting flaw on \u003cmatches\u003e content",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/17/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/fail2ban/fail2ban/commit/83109bc"
},
{
"name": "[fail2ban-users] 20121206 0.8.8 release",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=30193056"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://raw.github.com/fail2ban/fail2ban/master/ChangeLog"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=447572"
},
{
"name": "openSUSE-SU-2013:0567",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=887914"
},
{
"name": "MDVSA-2013:078",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:078"
},
{
"name": "openSUSE-SU-2013:0566",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "server/action.py in Fail2ban before 0.8.8 does not properly handle the content of the matches tag, which might allow remote attackers to trigger unsafe behavior in a custom action file via unspecified symbols in this content."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-02T13:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20121217 Re: CVE request: fail2ban 0.8.8 fixes an input variable quoting flaw on \u003cmatches\u003e content",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/17/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/fail2ban/fail2ban/commit/83109bc"
},
{
"name": "[fail2ban-users] 20121206 0.8.8 release",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=30193056"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://raw.github.com/fail2ban/fail2ban/master/ChangeLog"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=447572"
},
{
"name": "openSUSE-SU-2013:0567",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=887914"
},
{
"name": "MDVSA-2013:078",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:078"
},
{
"name": "openSUSE-SU-2013:0566",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00001.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5642",
"datePublished": "2012-12-31T11:00:00",
"dateReserved": "2012-10-24T00:00:00",
"dateUpdated": "2024-08-06T21:14:16.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-7176
Vulnerability from cvelistv5
Published
2014-02-01 15:00
Modified
2024-08-06 18:01
Severity ?
EPSS score ?
Summary
config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/686662 | third-party-advisory, x_refsource_CERT-VN | |
| http://lists.opensuse.org/opensuse-updates/2014-03/msg00021.html | vendor-advisory, x_refsource_SUSE | |
| http://www.debian.org/security/2014/dsa-2979 | vendor-advisory, x_refsource_DEBIAN | |
| https://github.com/fail2ban/fail2ban/commit/eb2f0c927257120dfc32d2450fd63f1962f38821 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:01:20.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#686662",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/686662"
},
{
"name": "openSUSE-SU-2014:0348",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00021.html"
},
{
"name": "DSA-2979",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2979"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/fail2ban/fail2ban/commit/eb2f0c927257120dfc32d2450fd63f1962f38821"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-13T13:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#686662",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/686662"
},
{
"name": "openSUSE-SU-2014:0348",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00021.html"
},
{
"name": "DSA-2979",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2979"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/fail2ban/fail2ban/commit/eb2f0c927257120dfc32d2450fd63f1962f38821"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-7176",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#686662",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/686662"
},
{
"name": "openSUSE-SU-2014:0348",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00021.html"
},
{
"name": "DSA-2979",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2979"
},
{
"name": "https://github.com/fail2ban/fail2ban/commit/eb2f0c927257120dfc32d2450fd63f1962f38821",
"refsource": "CONFIRM",
"url": "https://github.com/fail2ban/fail2ban/commit/eb2f0c927257120dfc32d2450fd63f1962f38821"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2013-7176",
"datePublished": "2014-02-01T15:00:00",
"dateReserved": "2013-12-19T00:00:00",
"dateUpdated": "2024-08-06T18:01:20.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-7177
Vulnerability from cvelistv5
Published
2014-02-01 15:00
Modified
2024-08-06 18:01
Severity ?
EPSS score ?
Summary
config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/686662 | third-party-advisory, x_refsource_CERT-VN | |
| https://github.com/fail2ban/fail2ban/commit/bd175f026737d66e7110868fb50b3760ff75e087 | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-updates/2014-03/msg00021.html | vendor-advisory, x_refsource_SUSE | |
| http://www.debian.org/security/2014/dsa-2979 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:01:19.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#686662",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/686662"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/fail2ban/fail2ban/commit/bd175f026737d66e7110868fb50b3760ff75e087"
},
{
"name": "openSUSE-SU-2014:0348",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00021.html"
},
{
"name": "DSA-2979",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2979"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-13T13:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#686662",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/686662"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/fail2ban/fail2ban/commit/bd175f026737d66e7110868fb50b3760ff75e087"
},
{
"name": "openSUSE-SU-2014:0348",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00021.html"
},
{
"name": "DSA-2979",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2979"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-7177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#686662",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/686662"
},
{
"name": "https://github.com/fail2ban/fail2ban/commit/bd175f026737d66e7110868fb50b3760ff75e087",
"refsource": "CONFIRM",
"url": "https://github.com/fail2ban/fail2ban/commit/bd175f026737d66e7110868fb50b3760ff75e087"
},
{
"name": "openSUSE-SU-2014:0348",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00021.html"
},
{
"name": "DSA-2979",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2979"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2013-7177",
"datePublished": "2014-02-01T15:00:00",
"dateReserved": "2013-12-19T00:00:00",
"dateUpdated": "2024-08-06T18:01:19.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-4321
Vulnerability from cvelistv5
Published
2007-08-14 00:00
Modified
2024-08-07 14:53
Severity ?
EPSS score ?
Summary
fail2ban 0.8 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector than CVE-2006-6302.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2008/dsa-1456 | vendor-advisory, x_refsource_DEBIAN | |
| http://secunia.com/advisories/23237 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/42484 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/25117 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/28374 | third-party-advisory, x_refsource_SECUNIA | |
| http://bugs.gentoo.org/show_bug.cgi?id=181214 | x_refsource_MISC | |
| http://security.gentoo.org/glsa/glsa-200707-13.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.ossec.net/en/attacking-loganalysis.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-1456",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1456"
},
{
"name": "23237",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23237"
},
{
"name": "42484",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42484"
},
{
"name": "25117",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25117"
},
{
"name": "28374",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28374"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=181214"
},
{
"name": "GLSA-200707-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200707-13.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ossec.net/en/attacking-loganalysis.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "fail2ban 0.8 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector than CVE-2006-6302."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-01-12T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-1456",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1456"
},
{
"name": "23237",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23237"
},
{
"name": "42484",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42484"
},
{
"name": "25117",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25117"
},
{
"name": "28374",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28374"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=181214"
},
{
"name": "GLSA-200707-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200707-13.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ossec.net/en/attacking-loganalysis.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "fail2ban 0.8 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector than CVE-2006-6302."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1456",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1456"
},
{
"name": "23237",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23237"
},
{
"name": "42484",
"refsource": "OSVDB",
"url": "http://osvdb.org/42484"
},
{
"name": "25117",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25117"
},
{
"name": "28374",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28374"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=181214",
"refsource": "MISC",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=181214"
},
{
"name": "GLSA-200707-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200707-13.xml"
},
{
"name": "http://www.ossec.net/en/attacking-loganalysis.html",
"refsource": "MISC",
"url": "http://www.ossec.net/en/attacking-loganalysis.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4321",
"datePublished": "2007-08-14T00:00:00",
"dateReserved": "2007-08-13T00:00:00",
"dateUpdated": "2024-08-07T14:53:55.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}