Bug 1059935 (CVE-2013-7176)

Summary: CVE-2013-7176 fail2ban: remote denial of service in postfix filter
Product: [Other] Security Response Reporter: Murray McAllister <mmcallis>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: admiller, Axel.Thimm, jonathan.underwood, orion, vonsch
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-20 10:43:30 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1059937    
Bug Blocks:    

Description Murray McAllister 2014-01-31 01:24:54 UTC 
A denial of service flaw was found in fail2ban's postfix filter. A remote attacker could use this flaw to cause an attacker-chosen IP address to be blocked.

This issue only affects versions prior to 0.8.11. As such, only the version of fail2ban in EPEL 5 should be affected.

The Secunia advisory (http://secunia.com/advisories/56691/) also notes the following:

"Some errors in regular expressions within unspecified filters can be exploited to e.g. spoof client IP addresses and subsequently cause arbitrary IP addresses to be banned."

This may be the "In light of CVE-2013-2178 that triggered our last release we have put a significant effort into tightening all of the regexs of our filters to avoid another similar vulnerability" part of the 0.8.11 changelog, but I am not sure. Recommend upgrading to 0.8.11 or later.

References:
https://github.com/fail2ban/fail2ban/blob/master/ChangeLog
http://www.kb.cert.org/vuls/id/686662
http://secunia.com/advisories/56691/
https://github.com/fail2ban/fail2ban/commit/eb2f0c927257120dfc32d2450fd63f1962f38821
Comment 1 Murray McAllister 2014-01-31 01:27:39 UTC 
Created fail2ban tracking bugs for this issue:

Affects: epel-5 [bug 1059937]