
fail2ban: denial of service

Package(s): fail2ban
CVE #(s): CVE-2006-6302
Created: February 16, 2007
Updated: July 30, 2007
Description: fail2ban 0.7.4 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in to ssh using a login name containing certain strings with an IP address.
Alerts:
Gentoo 200702-05 fail2ban 2007-02-16
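
The flaw described above comes down to taking the banned address from a part of the log line that the remote user controls. As an added illustration (not fail2ban's code or its shipped filter expressions; both patterns, the function names and the constructed log lines are assumptions), this Python contrasts a loose extractor with one anchored to the trailer sshd appends at the end of the line:

```python
import ipaddress
import re

# Loose (illustrative): any line mentioning a failure, first IPv4-looking token wins.
LOOSE_LINE = re.compile(r"Failed password")
LOOSE_IP = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

# Strict (illustrative): the address must sit in the trailer sshd appends after
# the login name, and that trailer must end the line.
STRICT = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*)"
    r" from (?P<host>\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh\d*)?$"
)

def loose_host(line):
    """Return the first IPv4-looking token on a failure line, or None."""
    if not LOOSE_LINE.search(line):
        return None
    m = LOOSE_IP.search(line)
    return m.group(0) if m else None

def strict_host(line):
    """Return the peer address from the end-of-line trailer, or None."""
    m = STRICT.search(line)
    if not m:
        return None
    try:
        return str(ipaddress.ip_address(m.group("host")))
    except ValueError:  # e.g. an octet above 255
        return None

# Constructed sample lines (documentation address ranges, made-up host and PIDs).
SAMPLE = [
    "Feb 16 10:00:01 host sshd[1234]: Failed password for invalid user admin "
    "from 198.51.100.7 port 4242 ssh2",
    # Login name that itself contains "from <address>"; the real peer is 198.51.100.7.
    "Feb 16 10:00:05 host sshd[1235]: Failed password for invalid user x "
    "from 192.0.2.10 from 198.51.100.7 port 4243 ssh2",
    "Feb 16 10:00:09 host sshd[1236]: Accepted password for alice "
    "from 203.0.113.4 port 4244 ssh2",
]

def compare(lines):
    """Pair each line's loose and strict result so the difference is visible."""
    return [(loose_host(l), strict_host(l)) for l in lines]

if __name__ == "__main__":
    for loose, strict in compare(SAMPLE):
        print(f"loose={loose!s:<14} strict={strict}")
```

On the second sample line the loose extractor returns 192.0.2.10, an address that never connected, while the anchored pattern returns the actual peer.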


fail2ban: denial of service

Posted Feb 22, 2007 4:49 UTC (Thu) by k8to (subscriber, #15413) [Link]

Whee, reported this class of problem what, a year ago?

And it was fixed in one distro and not the other? :-(

fail2ban: denial of service

Posted Mar 1, 2007 14:42 UTC (Thu) by ofeeley (subscriber, #36105) [Link]

fail2ban >= 0.6.2 is unaffected according to the notice and 0.6.2-3 has been available on Fedora Core from Jan 5.

fail2ban: denial of service

Posted Apr 3, 2007 19:02 UTC (Tue) by kreutzm (guest, #4700) [Link]

Sarge does not contain fail2ban (only the upcoming Etch)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds