Bug 244942 - Security vulnerablity - log injection
Summary: Security vulnerablity - log injection
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: fail2ban   
(Show other bugs)
Version: 7
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Axel Thimm
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-06-19 23:38 UTC by Jonathan Underwood
Modified: 2007-11-30 22:12 UTC (History)
0 users

Fixed In Version: 0.8.0-9.fc7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-06-21 20:07:21 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Fix DOS vulnerability and AllowUsers issue in sshd.conf (779 bytes, patch)
2007-06-20 11:00 UTC, Jonathan Underwood
no flags Details | Diff
Fix regex patterns for sshd.conf to cope with AllowUsers and DOS attacks (779 bytes, patch)
2007-06-20 13:02 UTC, Jonathan Underwood
no flags Details | Diff

Description Jonathan Underwood 2007-06-19 23:38:32 UTC
Description of problem:
As detailed on th fail2ban website, the latest release (0.8) is susceptible to a
log injection vulnerability. More discussion can be found here:

http://www.ossec.net/en/attacking-loganalysis.html#fail2ban

and a patch can be found here:

http://www.ossec.net/en/attacking-loganalysis.html#patches

Comment 1 Jonathan Underwood 2007-06-20 10:59:14 UTC
Actually, of course, that patch mentioned above wouldn't fix the extra regex
line we patch in ourselves. I am posting a patch which does both - this should
replace the previous regex patch.

Comment 2 Jonathan Underwood 2007-06-20 11:00:39 UTC
Created attachment 157447 [details]
Fix DOS vulnerability and AllowUsers issue in sshd.conf

I am currently testing this locally at the moment.

Comment 3 Jonathan Underwood 2007-06-20 11:08:36 UTC
Hm, actually that patch doesn't correctly fix the last regex entry. Need to
think some more.

Comment 4 Jonathan Underwood 2007-06-20 13:02:49 UTC
Created attachment 157459 [details]
Fix regex patterns for sshd.conf to cope with AllowUsers and DOS attacks

This is tested and works fine.

Comment 5 Axel Thimm 2007-06-21 18:12:22 UTC
Thanks, new packages have been built and will either get into the repos directly
(fc5, fc6, rawhide) or wait in updates-testing (f7).

Comment 6 Fedora Update System 2007-06-21 20:07:18 UTC
fail2ban-0.8.0-9.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.