Bug 1059935 (CVE-2013-7176) - CVE-2013-7176 fail2ban: remote denial of service in postfix filter
Summary: CVE-2013-7176 fail2ban: remote denial of service in postfix filter
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2013-7176
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1059937
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-01-31 01:24 UTC by Murray McAllister
Modified: 2021-10-20 10:43 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-10-20 10:43:30 UTC


Attachments (Terms of Use)

Description Murray McAllister 2014-01-31 01:24:54 UTC
A denial of service flaw was found in fail2ban's postfix filter. A remote attacker could use this flaw to cause an attacker-chosen IP address to be blocked.

This issue only affects versions prior to 0.8.11. As such, only the version of fail2ban in EPEL 5 should be affected.

The Secunia advisory (http://secunia.com/advisories/56691/) also notes the following:

"Some errors in regular expressions within unspecified filters can be exploited to e.g. spoof client IP addresses and subsequently cause arbitrary IP addresses to be banned."

This may be the "In light of CVE-2013-2178 that triggered our last release we have put a significant effort into tightening all of the regexs of our filters to avoid another similar vulnerability" part of the 0.8.11 changelog, but I am not sure. Recommend upgrading to 0.8.11 or later.

References:
https://github.com/fail2ban/fail2ban/blob/master/ChangeLog
http://www.kb.cert.org/vuls/id/686662
http://secunia.com/advisories/56691/
https://github.com/fail2ban/fail2ban/commit/eb2f0c927257120dfc32d2450fd63f1962f38821

Comment 1 Murray McAllister 2014-01-31 01:27:39 UTC
Created fail2ban tracking bugs for this issue:

Affects: epel-5 [bug 1059937]


Note You need to log in before you can comment on or make changes to this bug.