Bug 244942

Summary: Security vulnerability - log injection
Product: [Fedora] Fedora
Reporter: Jonathan Underwood <jonathan.underwood>
Component: fail2ban
Assignee: Axel Thimm <axel.thimm>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high
Priority: high
Version: 7
Hardware: All
OS: Linux
Fixed In Version: 0.8.0-9.fc7
Doc Type: Bug Fix
Last Closed: 2007-06-21 20:07:21 UTC
Attachments:
Fix DOS vulnerability and AllowUsers issue in sshd.conf (flags: none)
Fix regex patterns for sshd.conf to cope with AllowUsers and DOS attacks (flags: none)

Description Jonathan Underwood 2007-06-19 23:38:32 UTC
Description of problem:
As detailed on the fail2ban website, the latest release (0.8) is susceptible to a
log injection vulnerability. More discussion can be found here:

http://www.ossec.net/en/attacking-loganalysis.html#fail2ban

and a patch can be found here:

http://www.ossec.net/en/attacking-loganalysis.html#patches

Comment 1 Jonathan Underwood 2007-06-20 10:59:14 UTC
Actually, of course, that patch mentioned above wouldn't fix the extra regex
line we patch in ourselves. I am posting a patch which does both - this should
replace the previous regex patch.

Comment 2 Jonathan Underwood 2007-06-20 11:00:39 UTC
Created attachment 157447
Fix DOS vulnerability and AllowUsers issue in sshd.conf

I am currently testing this locally at the moment.

Comment 3 Jonathan Underwood 2007-06-20 11:08:36 UTC
Hm, actually that patch doesn't correctly fix the last regex entry. Need to
think some more.

Comment 4 Jonathan Underwood 2007-06-20 13:02:49 UTC
Created attachment 157459
Fix regex patterns for sshd.conf to cope with AllowUsers and DOS attacks

This is tested and works fine.

Comment 5 Axel Thimm 2007-06-21 18:12:22 UTC
Thanks, new packages have been built and will either get into the repos directly
(fc5, fc6, rawhide) or wait in updates-testing (f7).

Comment 6 Fedora Update System 2007-06-21 20:07:18 UTC
fail2ban-0.8.0-9.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.