Lucene search
RedhatCVE-2009-5023HistoryJun 10, 2014 - 2:55 p.m.
CVE-2009-5023
2014-06-1014:55:08
CWE-59
redhat
web.nvd.nist.gov
30
fail2ban
cve-2009-5023
symlink attack
nvd
CVSS2
4.7
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:N/I:C/A:N
AI Score
6.3
Confidence
Low
EPSS
0
Percentile
5.1%
The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf, and (4) mynetwatchman.conf actions in action.d/ in Fail2ban before 0.8.5 allows local users to write to arbitrary files via a symlink attack on temporary files with predictable names, as demonstrated by /tmp/fail2ban-mail.txt.
Affected configurations
Node
fail2banfail2banRange≤0.8.4
ORfail2banfail2banMatch0.1.0
ORfail2banfail2banMatch0.1.1
ORfail2banfail2banMatch0.1.2
ORfail2banfail2banMatch0.3.0
ORfail2banfail2banMatch0.3.1
ORfail2banfail2banMatch0.4.0
ORfail2banfail2banMatch0.4.1
ORfail2banfail2banMatch0.5.0
ORfail2banfail2banMatch0.5.1
ORfail2banfail2banMatch0.5.2
ORfail2banfail2banMatch0.5.3
ORfail2banfail2banMatch0.5.4
ORfail2banfail2banMatch0.5.5
ORfail2banfail2banMatch0.6.0
ORfail2banfail2banMatch0.6.1
ORfail2banfail2banMatch0.7.0
ORfail2banfail2banMatch0.7.1
ORfail2banfail2banMatch0.7.2
ORfail2banfail2banMatch0.7.3
ORfail2banfail2banMatch0.7.4
ORfail2banfail2banMatch0.7.5
ORfail2banfail2banMatch0.7.6
ORfail2banfail2banMatch0.7.7
ORfail2banfail2banMatch0.7.8
ORfail2banfail2banMatch0.7.9
ORfail2banfail2banMatch0.8.0
ORfail2banfail2banMatch0.8.1
ORfail2banfail2banMatch0.8.2
ORfail2banfail2banMatch0.8.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fail2ban | fail2ban | * | cpe:2.3:a:fail2ban:fail2ban:*:*:*:*:*:*:*:* |
| fail2ban | fail2ban | 0.1.0 | cpe:2.3:a:fail2ban:fail2ban:0.1.0:*:*:*:*:*:*:* |
| fail2ban | fail2ban | 0.1.1 | cpe:2.3:a:fail2ban:fail2ban:0.1.1:*:*:*:*:*:*:* |
| fail2ban | fail2ban | 0.1.2 | cpe:2.3:a:fail2ban:fail2ban:0.1.2:*:*:*:*:*:*:* |
| fail2ban | fail2ban | 0.3.0 | cpe:2.3:a:fail2ban:fail2ban:0.3.0:*:*:*:*:*:*:* |
| fail2ban | fail2ban | 0.3.1 | cpe:2.3:a:fail2ban:fail2ban:0.3.1:*:*:*:*:*:*:* |
| fail2ban | fail2ban | 0.4.0 | cpe:2.3:a:fail2ban:fail2ban:0.4.0:*:*:*:*:*:*:* |
| fail2ban | fail2ban | 0.4.1 | cpe:2.3:a:fail2ban:fail2ban:0.4.1:*:*:*:*:*:*:* |
| fail2ban | fail2ban | 0.5.0 | cpe:2.3:a:fail2ban:fail2ban:0.5.0:*:*:*:*:*:*:* |
| fail2ban | fail2ban | 0.5.1 | cpe:2.3:a:fail2ban:fail2ban:0.5.1:*:*:*:*:*:*:* |
Related
nessus
nessus
openSUSE Security Update : fail2ban (openSUSE-SU-2011:1175-1)
2014-06-13 00:00:00
openSUSE Security Update : fail2ban (openSUSE-SU-2011:1175-1)
2014-06-13 00:00:00
GLSA-201406-03 : Fail2ban: Multiple vulnerabilities
2014-06-02 00:00:00
nvd
nvd
CVE-2009-5023
2014-06-10 14:55:08
debiancve
debiancve
CVE-2009-5023
2014-06-10 14:55:08
prion
prion
Design/Logic Flaw
2014-06-10 14:55:00
cvelist
cvelist
CVE-2009-5023
2014-06-10 14:00:00
ubuntucve
ubuntucve
CVE-2009-5023
2014-06-10 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201406-03
2015-09-29 00:00:00
gentoo
gentoo
Fail2ban: Multiple vulnerabilities
2014-06-01 00:00:00
osv
osv
SuSEfirewall2-fail2ban-0.9.5-1.1 on GA media
2024-06-15 00:00:00
CVSS2
4.7
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:N/I:C/A:N
AI Score
6.3
Confidence
Low
EPSS
0
Percentile
5.1%
Related for CVE-2009-5023