Bug 244942 - Security vulnerablity - log injection
Security vulnerablity - log injection
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: fail2ban (Show other bugs)
7
All Linux
high Severity high
: ---
: ---
Assigned To: Axel Thimm
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-06-19 19:38 EDT by Jonathan Underwood
Modified: 2007-11-30 17:12 EST (History)
0 users

See Also:
Fixed In Version: 0.8.0-9.fc7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-06-21 16:07:21 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Fix DOS vulnerability and AllowUsers issue in sshd.conf (779 bytes, patch)
2007-06-20 07:00 EDT, Jonathan Underwood
no flags Details | Diff
Fix regex patterns for sshd.conf to cope with AllowUsers and DOS attacks (779 bytes, patch)
2007-06-20 09:02 EDT, Jonathan Underwood
no flags Details | Diff

  None (edit)
Description Jonathan Underwood 2007-06-19 19:38:32 EDT
Description of problem:
As detailed on th fail2ban website, the latest release (0.8) is susceptible to a
log injection vulnerability. More discussion can be found here:

http://www.ossec.net/en/attacking-loganalysis.html#fail2ban

and a patch can be found here:

http://www.ossec.net/en/attacking-loganalysis.html#patches
Comment 1 Jonathan Underwood 2007-06-20 06:59:14 EDT
Actually, of course, that patch mentioned above wouldn't fix the extra regex
line we patch in ourselves. I am posting a patch which does both - this should
replace the previous regex patch.
Comment 2 Jonathan Underwood 2007-06-20 07:00:39 EDT
Created attachment 157447 [details]
Fix DOS vulnerability and AllowUsers issue in sshd.conf

I am currently testing this locally at the moment.
Comment 3 Jonathan Underwood 2007-06-20 07:08:36 EDT
Hm, actually that patch doesn't correctly fix the last regex entry. Need to
think some more.
Comment 4 Jonathan Underwood 2007-06-20 09:02:49 EDT
Created attachment 157459 [details]
Fix regex patterns for sshd.conf to cope with AllowUsers and DOS attacks

This is tested and works fine.
Comment 5 Axel Thimm 2007-06-21 14:12:22 EDT
Thanks, new packages have been built and will either get into the repos directly
(fc5, fc6, rawhide) or wait in updates-testing (f7).
Comment 6 Fedora Update System 2007-06-21 16:07:18 EDT
fail2ban-0.8.0-9.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.