MidnightBSD

Advisories for fail2ban

CVE-2013-2178 MEDIUM

The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
fail2ban fail2ban 0.3.1
fail2ban fail2ban 0.7.3
fail2ban fail2ban 0.8.4
fail2ban fail2ban 0.7.2
fail2ban fail2ban 0.7.8
fail2ban fail2ban 0.8.6
fail2ban fail2ban 0.7.9
fail2ban fail2ban 0.8.7
fail2ban fail2ban 0.1.0
fail2ban fail2ban 0.5.5
fail2ban fail2ban 0.8.1
fail2ban fail2ban 0.5.0
fail2ban fail2ban 0.5.4
fail2ban fail2ban *
fail2ban fail2ban 0.8.7.1
fail2ban fail2ban 0.5.2
fail2ban fail2ban 0.7.7
fail2ban fail2ban 0.5.3
fail2ban fail2ban 0.1.2
fail2ban fail2ban 0.7.0
fail2ban fail2ban 0.4.0
fail2ban fail2ban 0.8.2
fail2ban fail2ban 0.8.8
fail2ban fail2ban 0.3.0
fail2ban fail2ban 0.5.1
fail2ban fail2ban 0.7.1
fail2ban fail2ban 0.6.1
fail2ban fail2ban 0.7.4
fail2ban fail2ban 0.6.0
fail2ban fail2ban 0.8.3
fail2ban fail2ban 0.4.1
fail2ban fail2ban 0.7.6
fail2ban fail2ban 0.7.5
fail2ban fail2ban 0.8.0
fail2ban fail2ban 0.8.5
fail2ban fail2ban 0.1.1
CVE-2013-7176 MEDIUM

config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
fail2ban fail2ban 0.3.1
fail2ban fail2ban 0.7.3
fail2ban fail2ban 0.8.4
fail2ban fail2ban 0.7.2
fail2ban fail2ban 0.7.8
fail2ban fail2ban 0.8.6
fail2ban fail2ban 0.7.9
fail2ban fail2ban 0.8.7
fail2ban fail2ban 0.1.0
fail2ban fail2ban 0.5.5
fail2ban fail2ban 0.8.1
fail2ban fail2ban 0.5.0
fail2ban fail2ban 0.5.4
fail2ban fail2ban *
fail2ban fail2ban 0.8.7.1
fail2ban fail2ban 0.5.2
fail2ban fail2ban 0.7.7
fail2ban fail2ban 0.5.3
fail2ban fail2ban 0.1.2
fail2ban fail2ban 0.7.0
fail2ban fail2ban 0.4.0
fail2ban fail2ban 0.8.9
fail2ban fail2ban 0.8.2
fail2ban fail2ban 0.8.8
fail2ban fail2ban 0.3.0
fail2ban fail2ban 0.5.1
fail2ban fail2ban 0.7.1
fail2ban fail2ban 0.6.1
fail2ban fail2ban 0.7.4
fail2ban fail2ban 0.6.0
fail2ban fail2ban 0.8.3
fail2ban fail2ban 0.4.1
fail2ban fail2ban 0.7.6
fail2ban fail2ban 0.7.5
fail2ban fail2ban 0.8.0
fail2ban fail2ban 0.8.5
fail2ban fail2ban 0.1.1
CVE-2013-7177 MEDIUM

config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
fail2ban fail2ban 0.3.1
fail2ban fail2ban 0.7.3
fail2ban fail2ban 0.8.4
fail2ban fail2ban 0.7.2
fail2ban fail2ban 0.7.8
fail2ban fail2ban 0.8.6
fail2ban fail2ban 0.7.9
fail2ban fail2ban 0.8.7
fail2ban fail2ban 0.1.0
fail2ban fail2ban 0.5.5
fail2ban fail2ban 0.8.1
fail2ban fail2ban 0.5.0
fail2ban fail2ban 0.5.4
fail2ban fail2ban *
fail2ban fail2ban 0.8.7.1
fail2ban fail2ban 0.5.2
fail2ban fail2ban 0.7.7
fail2ban fail2ban 0.5.3
fail2ban fail2ban 0.1.2
fail2ban fail2ban 0.7.0
fail2ban fail2ban 0.4.0
fail2ban fail2ban 0.8.9
fail2ban fail2ban 0.8.2
fail2ban fail2ban 0.8.8
fail2ban fail2ban 0.3.0
fail2ban fail2ban 0.5.1
fail2ban fail2ban 0.7.1
fail2ban fail2ban 0.6.1
fail2ban fail2ban 0.7.4
fail2ban fail2ban 0.6.0
fail2ban fail2ban 0.8.3
fail2ban fail2ban 0.4.1
fail2ban fail2ban 0.7.6
fail2ban fail2ban 0.7.5
fail2ban fail2ban 0.8.0
fail2ban fail2ban 0.8.5
fail2ban fail2ban 0.1.1
CVE-2021-32749 MEDIUM

fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to possible remote code execution in the mailing action mail-whois. Command `mail` from mailutils package used in mail actions like `mail-whois` can execute command if unescaped sequences (`\n~`) are available in "foreign" input (for instance in whois output). To exploit the vulnerability, an attacker would need to insert malicious characters into the response sent by the whois server, either via a MITM attack or by taking over a whois server. The issue is patched in versions 0.10.7 and 0.11.3. As a workaround, one may avoid the usage of action `mail-whois` or patch the vulnerability manually.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9
security-advisories@github.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N 1.6 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,CWE-94,

Products Affected

Vendor Product Version
fail2ban fail2ban *
fedoraproject fedora 35
fedoraproject fedora 34