GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Sat Jul 28, 2007 11:26 pm Post subject: [ GLSA 200707-13 ] Fail2ban: Denial of Service |
 |
|
Gentoo Linux Security Advisory
Title: Fail2ban: Denial of Service (GLSA 200707-13)
Severity: normal
Exploitable: remote
Date: July 28, 2007
Updated: January 09, 2008
Bug(s): #181214
ID: 200707-13
Synopsis
Fail2ban is vulnerable to a Denial of Service attack.
Background
Fail2ban is a tool for parsing log files and banning IP addresses which
make too many password failures.
Affected Packages
Package: net-analyzer/fail2ban
Vulnerable: < 0.8.0-r1
Unaffected: >= 0.8.0-r1
Architectures: All supported architectures
Description
A vulnerability has been discovered in Fail2ban when parsing log files.
Impact
A remote attacker could send specially crafted SSH login banners to the
vulnerable host, which would prevent any ssh connection to the host and
result in a Denial of Service.
Workaround
There is no known workaround at this time.
Resolution
All Fail2ban users should upgrade to the latest version:
| Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/fail2ban-0.8.0-r1" |
References
CVE-2007-4321
Original advisory
Last edited by GLSA on Mon Dec 22, 2014 4:24 am; edited 5 times in total |
|
News & Announcements
