Lucene search
DebianDEBIAN:DLA-0021-1:D1F7AHistoryJul 26, 2014 - 10:35 a.m.
[DLA-0021-1] fail2ban security update
2014-07-2610:35:59
lists.debian.org
6
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
6.2 Medium
AI Score
Confidence
Low
0.017 Low
EPSS
Percentile
87.9%
Package : fail2ban
Version : 0.8.4-3+squeeze3
CVE ID : CVE-2013-7176 CVE-2013-7177
- Use anchored failregex for filters to avoid possible DoS. Manually
picked up from the current status of 0.8 branch (as of
0.8.13-29-g09b2016):- CVE-2013-7176: postfix.conf - anchored on the front, expects
"postfix/smtpd" prefix in the log line - CVE-2013-7177: cyrus-imap.conf - anchored on the front, and
refactored to have a single failregex - couriersmtp.conf - anchored on both sides
- exim.conf - front-anchored versions picked up from exim.conf
and exim-spam.conf - lighttpd-fastcgi.conf - front-anchored picked up from suhosin.conf
(copied from the Wheezy version)
- CVE-2013-7176: postfix.conf - anchored on the front, expects
- Catch also failed logins via secured (imaps/pop3s) for cyrus-imap.
Regression was introduced while strengthening failregex in 0.8.11 (bd175f)
Debian bug #755173 - cyrus-imap: catch "user not found" attempts
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 6 | all | fail2ban | < 0.8.4-3+squeeze3 | fail2ban_0.8.4-3+squeeze3_all.deb |
| Debian | 7 | all | fail2ban | < 0.8.6-3wheezy3 | fail2ban_0.8.6-3wheezy3_all.deb |
Related
nessus
nessus
Debian DSA-2979-1 : fail2ban - security update
2014-07-18 00:00:00
Debian DLA-21-1 : fail2ban security update
2015-03-26 00:00:00
openSUSE Security Update : fail2ban (openSUSE-SU-2014:0348-1)
2014-06-13 00:00:00
mageia
mageia
Updated fail2ban packages fix security issues
2014-04-16 17:12:59
openvas
openvas
Debian Security Advisory DSA 2979-1 (fail2ban - security update)
2014-07-17 00:00:00
Debian: Security Advisory (DSA-2979-1)
2014-07-16 00:00:00
Debian: Security Advisory (DLA-0021-1)
2023-03-08 00:00:00
osv
osv
fail2ban - security update
2014-07-26 00:00:00
securityvulns
securityvulns
DoS via fail2ban
2014-07-21 00:00:00
[SECURITY] [DSA 2979-1] fail2ban security update
2014-07-21 00:00:00
cert
cert
debian
debian
[SECURITY] [DSA 2979-1] fail2ban security update
2014-07-17 15:59:11
cve
cve
CVE-2013-7176
2014-02-01 15:55:04
CVE-2013-7177
2014-02-01 15:55:04
ubuntucve
ubuntucve
CVE-2013-7176
2014-02-01 00:00:00
CVE-2013-7177
2014-02-01 00:00:00
prion
prion
Design/Logic Flaw
2014-02-01 15:55:00
Design/Logic Flaw
2014-02-01 15:55:00
cvelist
cvelist
CVE-2013-7177
2014-02-01 15:00:00
CVE-2013-7176
2014-02-01 15:00:00
debiancve
debiancve
CVE-2013-7176
2014-02-01 15:55:04
CVE-2013-7177
2014-02-01 15:55:04
nvd
nvd
CVE-2013-7176
2014-02-01 15:55:04
CVE-2013-7177
2014-02-01 15:55:04
gentoo
gentoo
Fail2ban: Multiple vulnerabilities
2014-06-01 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
6.2 Medium
AI Score
Confidence
Low
0.017 Low
EPSS
Percentile
87.9%
Related for DEBIAN:DLA-0021-1:D1F7A