ID FEDORA:ADED42199F Type fedora Reporter Fedora Modified 2013-06-28T06:11:31
Description
Fail2ban scans log files like /var/log/pwdfail or /var/log/apache/error_log and bans IP that makes too many password failures. It updates firewall rules to reject the IP address. To use the hostsdeny and shorewall actions you must install tcp_wrappers and shorewall respectively.
{"id": "FEDORA:ADED42199F", "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 17 Update: fail2ban-0.8.10-1.fc17", "description": "Fail2ban scans log files like /var/log/pwdfail or /var/log/apache/error_log and bans IP that makes too many password failures. It updates firewall rules to reject the IP address. To use the hostsdeny and shorewall actions you must install tcp_wrappers and shorewall respectively. ", "published": "2013-06-28T06:11:31", "modified": "2013-06-28T06:11:31", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2012-5642"], "lastseen": "2020-12-21T08:17:51", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-5642"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310864966", "OPENVAS:866039", "OPENVAS:1361412562310866033", "OPENVAS:864966", "OPENVAS:1361412562310866039", "OPENVAS:866033"]}, {"type": "nessus", "idList": ["FEDORA_2012-20619.NASL", "OPENSUSE-2013-267.NASL", "MANDRIVA_MDVSA-2013-078.NASL", "FEDORA_2012-20589.NASL"]}, {"type": "fedora", "idList": ["FEDORA:CAD3221C2F", "FEDORA:985EB2177F", "FEDORA:A4ABE20201"]}], "modified": "2020-12-21T08:17:51", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2020-12-21T08:17:51", "rev": 2}, "vulnersScore": 5.9}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "17", "arch": "any", "packageName": "fail2ban", "packageVersion": "0.8.10", "packageFilename": "UNKNOWN", "operator": "lt"}], "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T05:59:56", "description": "server/action.py in Fail2ban before 0.8.8 does not properly handle the content of the matches tag, which might allow remote attackers to trigger unsafe behavior in a custom action file via unspecified symbols in this content.", "edition": 6, "cvss3": {}, "published": "2012-12-31T11:50:00", "title": "CVE-2012-5642", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5642"], "modified": "2013-12-05T05:20:00", "cpe": ["cpe:/a:fail2ban:fail2ban:0.8.6", "cpe:/a:fail2ban:fail2ban:0.8.3", "cpe:/a:fail2ban:fail2ban:0.7.3", "cpe:/a:fail2ban:fail2ban:0.6.0", "cpe:/a:fail2ban:fail2ban:0.8.7.1", "cpe:/a:fail2ban:fail2ban:0.5.2", "cpe:/a:fail2ban:fail2ban:0.7.9", "cpe:/a:fail2ban:fail2ban:0.7.2", "cpe:/a:fail2ban:fail2ban:0.7.0", "cpe:/a:fail2ban:fail2ban:0.7.8", "cpe:/a:fail2ban:fail2ban:0.7.1", "cpe:/a:fail2ban:fail2ban:0.8.2", "cpe:/a:fail2ban:fail2ban:0.1.0", "cpe:/a:fail2ban:fail2ban:0.5.4", "cpe:/a:fail2ban:fail2ban:0.7.5", "cpe:/a:fail2ban:fail2ban:0.4.1", "cpe:/a:fail2ban:fail2ban:0.6.1", "cpe:/a:fail2ban:fail2ban:0.8.5", "cpe:/a:fail2ban:fail2ban:0.5.0", "cpe:/a:fail2ban:fail2ban:0.3.0", "cpe:/a:fail2ban:fail2ban:0.8.4", "cpe:/a:fail2ban:fail2ban:0.4.0", "cpe:/a:fail2ban:fail2ban:0.7.4", "cpe:/a:fail2ban:fail2ban:0.7.6", "cpe:/a:fail2ban:fail2ban:0.7.7", "cpe:/a:fail2ban:fail2ban:0.8.0", "cpe:/a:fail2ban:fail2ban:0.8.1", "cpe:/a:fail2ban:fail2ban:0.5.5", "cpe:/a:fail2ban:fail2ban:0.3.1", "cpe:/a:fail2ban:fail2ban:0.5.3", "cpe:/a:fail2ban:fail2ban:0.5.1", "cpe:/a:fail2ban:fail2ban:0.8.7", "cpe:/a:fail2ban:fail2ban:0.1.1", "cpe:/a:fail2ban:fail2ban:0.1.2"], "id": "CVE-2012-5642", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5642", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:fail2ban:fail2ban:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:fail2ban:fail2ban:0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fail2ban:fail2ban:0.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:fail2ban:fail2ban:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:fail2ban:fail2ban:0.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:fail2ban:fail2ban:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:fail2ban:fail2ban:0.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:fail2ban:fail2ban:0.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:fail2ban:fail2ban:0.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:fail2ban:fail2ban:0.8.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:fail2ban:fail2ban:0.7.8:*:*:*:*:*:*:*", "cpe:2.3:a:fail2ban:fail2ban:0.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:fail2ban:fail2ban:0.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:fail2ban:fail2ban:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:fail2ban:fail2ban:0.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:fail2ban:fail2ban:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:fail2ban:fail2ban:0.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:fail2ban:fail2ban:0.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:fail2ban:fail2ban:0.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:fail2ban:fail2ban:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:fail2ban:fail2ban:0.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:fail2ban:fail2ban:0.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:fail2ban:fail2ban:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:fail2ban:fail2ban:0.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:fail2ban:fail2ban:0.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:fail2ban:fail2ban:0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:fail2ban:fail2ban:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:fail2ban:fail2ban:0.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:fail2ban:fail2ban:0.7.9:*:*:*:*:*:*:*", "cpe:2.3:a:fail2ban:fail2ban:0.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:fail2ban:fail2ban:0.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:fail2ban:fail2ban:0.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fail2ban:fail2ban:0.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:fail2ban:fail2ban:0.5.1:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2018-01-18T11:09:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5642"], "description": "Check for the Version of fail2ban", "modified": "2018-01-18T00:00:00", "published": "2013-07-02T00:00:00", "id": "OPENVAS:866033", "href": "http://plugins.openvas.org/nasl.php?oid=866033", "type": "openvas", "title": "Fedora Update for fail2ban FEDORA-2013-10830", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for fail2ban FEDORA-2013-10830\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Fail2ban scans log files like /var/log/pwdfail or\n /var/log/apache/error_log and bans IP that makes too many password\n failures. It updates firewall rules to reject the IP address.\n\n To use the hostsdeny and shorewall actions you must install tcp_wrappers\n and shorewall respectively.\";\n\n\ntag_affected = \"fail2ban on Fedora 17\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(866033);\n script_version(\"$Revision: 8456 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 07:58:40 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-07-02 10:16:49 +0530 (Tue, 02 Jul 2013)\");\n script_cve_id(\"CVE-2012-5642\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for fail2ban FEDORA-2013-10830\");\n\n script_xref(name: \"FEDORA\", value: \"2013-10830\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-June/109949.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of fail2ban\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"fail2ban\", rpm:\"fail2ban~0.8.10~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5642"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-07-02T00:00:00", "id": "OPENVAS:1361412562310866033", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866033", "type": "openvas", "title": "Fedora Update for fail2ban FEDORA-2013-10830", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for fail2ban FEDORA-2013-10830\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866033\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-07-02 10:16:49 +0530 (Tue, 02 Jul 2013)\");\n script_cve_id(\"CVE-2012-5642\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for fail2ban FEDORA-2013-10830\");\n script_xref(name:\"FEDORA\", value:\"2013-10830\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-June/109949.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'fail2ban'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"fail2ban on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"fail2ban\", rpm:\"fail2ban~0.8.10~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-06T13:07:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5642"], "description": "Check for the Version of fail2ban", "modified": "2018-01-04T00:00:00", "published": "2012-12-31T00:00:00", "id": "OPENVAS:864966", "href": "http://plugins.openvas.org/nasl.php?oid=864966", "type": "openvas", "title": "Fedora Update for fail2ban FEDORA-2012-20619", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for fail2ban FEDORA-2012-20619\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"fail2ban on Fedora 17\";\ntag_insight = \"Fail2ban scans log files like /var/log/pwdfail or\n /var/log/apache/error_log and bans IP that makes too many password\n failures. It updates firewall rules to reject the IP address.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-December/095127.html\");\n script_id(864966);\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-31 10:36:51 +0530 (Mon, 31 Dec 2012)\");\n script_cve_id(\"CVE-2012-5642\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-20619\");\n script_name(\"Fedora Update for fail2ban FEDORA-2012-20619\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of fail2ban\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"fail2ban\", rpm:\"fail2ban~0.8.8~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5642"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-12-31T00:00:00", "id": "OPENVAS:1361412562310864966", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864966", "type": "openvas", "title": "Fedora Update for fail2ban FEDORA-2012-20619", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for fail2ban FEDORA-2012-20619\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-December/095127.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864966\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-31 10:36:51 +0530 (Mon, 31 Dec 2012)\");\n script_cve_id(\"CVE-2012-5642\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-20619\");\n script_name(\"Fedora Update for fail2ban FEDORA-2012-20619\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'fail2ban'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"fail2ban on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"fail2ban\", rpm:\"fail2ban~0.8.8~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:51:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5642", "CVE-2013-2178"], "description": "Check for the Version of fail2ban", "modified": "2017-07-10T00:00:00", "published": "2013-07-02T00:00:00", "id": "OPENVAS:866039", "href": "http://plugins.openvas.org/nasl.php?oid=866039", "type": "openvas", "title": "Fedora Update for fail2ban FEDORA-2013-10806", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for fail2ban FEDORA-2013-10806\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Fail2ban scans log files like /var/log/pwdfail or\n /var/log/apache/error_log and bans IP that makes too many password\n failures. It updates firewall rules to reject the IP address.\n\n To use the hostsdeny and shorewall actions you must install tcp_wrappers\n and shorewall respectively.\";\n\n\ntag_affected = \"fail2ban on Fedora 18\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(866039);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-07-02 10:19:26 +0530 (Tue, 02 Jul 2013)\");\n script_cve_id(\"CVE-2012-5642\", \"CVE-2013-2178\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for fail2ban FEDORA-2013-10806\");\n\n script_xref(name: \"FEDORA\", value: \"2013-10806\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-June/109967.html\");\n script_summary(\"Check for the Version of fail2ban\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"fail2ban\", rpm:\"fail2ban~0.8.10~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5642", "CVE-2013-2178"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-07-02T00:00:00", "id": "OPENVAS:1361412562310866039", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866039", "type": "openvas", "title": "Fedora Update for fail2ban FEDORA-2013-10806", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for fail2ban FEDORA-2013-10806\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866039\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-07-02 10:19:26 +0530 (Tue, 02 Jul 2013)\");\n script_cve_id(\"CVE-2012-5642\", \"CVE-2013-2178\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for fail2ban FEDORA-2013-10806\");\n script_xref(name:\"FEDORA\", value:\"2013-10806\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-June/109967.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'fail2ban'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n script_tag(name:\"affected\", value:\"fail2ban on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"fail2ban\", rpm:\"fail2ban~0.8.10~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-20T12:26:26", "description": "This update of fail2ban fixes a startup related startup-problem and a\nsecurity problem fixed upstream (CVE-2012-5642).", "edition": 19, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : fail2ban (openSUSE-SU-2013:0566-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5642"], "modified": "2014-06-13T00:00:00", "cpe": ["cpe:/o:novell:opensuse:12.3", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:fail2ban", "cpe:/o:novell:opensuse:12.2"], "id": "OPENSUSE-2013-267.NASL", "href": "https://www.tenable.com/plugins/nessus/74950", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-267.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74950);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-5642\");\n\n script_name(english:\"openSUSE Security Update : fail2ban (openSUSE-SU-2013:0566-1)\");\n script_summary(english:\"Check for the openSUSE-2013-267 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of fail2ban fixes a startup related startup-problem and a\nsecurity problem fixed upstream (CVE-2012-5642).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=790557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=794953\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-04/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected fail2ban package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fail2ban\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1|SUSE12\\.2|SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1 / 12.2 / 12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"fail2ban-0.8.4-16.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"fail2ban-0.8.6-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"fail2ban-0.8.8-2.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"fail2ban\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:54:06", "description": "Updated fail2ban package fixes security vulnerability :\n\nfail2ban before 0.8.8 didn't escape the content of \\<matches\\> (if\nused in custom action files), which could cause issues on the system\nrunning fail2ban as it scans log files, depending on what content is\nmatched, since that content could contain arbitrary symbols\n(CVE-2012-5642).", "edition": 25, "published": "2013-04-20T00:00:00", "title": "Mandriva Linux Security Advisory : fail2ban (MDVSA-2013:078)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5642"], "modified": "2013-04-20T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:fail2ban"], "id": "MANDRIVA_MDVSA-2013-078.NASL", "href": "https://www.tenable.com/plugins/nessus/66092", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:078. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66092);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-5642\");\n script_bugtraq_id(56963);\n script_xref(name:\"MDVSA\", value:\"2013:078\");\n script_xref(name:\"MGASA\", value:\"2012-0372\");\n\n script_name(english:\"Mandriva Linux Security Advisory : fail2ban (MDVSA-2013:078)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated fail2ban package fixes security vulnerability :\n\nfail2ban before 0.8.8 didn't escape the content of \\<matches\\> (if\nused in custom action files), which could cause issues on the system\nrunning fail2ban as it scans log files, depending on what content is\nmatched, since that content could contain arbitrary symbols\n(CVE-2012-5642).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected fail2ban package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fail2ban\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"fail2ban-0.8.6-3.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:10:23", "description": "Update to 0.8.8 (CVE-2012-5642 Bug #887914)\n\n - Fixes :\n\n - Alan Jenkins\n\n - [8c38907] Removed 'POSSIBLE BREAK-IN ATTEMPT' from\n sshd filter to avoid banning due to misconfigured DNS.\n Close gh-64\n\n - Yaroslav Halchenko\n\n - [83109bc] IMPORTANT: escape the content of <matches>\n (if used in custom action files) since its value could\n contain arbitrary symbols. Thanks for discovery go to\n the NBS System security team\n\n - [b159eab] do not enable pyinotify backend if pyinotify <\n 0.8.3\n\n - [37a2e59] store IP as a base, non-unicode str to avoid\n spurious messages in the console. Close gh-91\n\n - New features :\n\n - David Engeset\n\n - [2d672d1,6288ec2] 'unbanip' command for the client +\n avoidance of touching the log file to take 'banip' or\n 'unbanip' in effect. Close gh-81, gh-86\n\n - Yaroslav Halchenko\n\n - Enhancements :\n\n - [2d66f31] replaced uninformative 'Invalid command'\n message with warning log exception why command\n actually failed\n\n - [958a1b0] improved failregex to 'support' auth.backend =\n 'htdigest'\n\n - [9e7a3b7] until we make it proper module -- adjusted\n sys.path only if system-wide run\n\n - [f52ba99] downgraded 'already banned' from WARN to INFO\n level. Closes gh-79\n\n - [f105379] added hints into the log on some failure\n return codes (e.g. 0x7f00 for this gh-87)\n\n - Various others: travis-ci integration, script to run\n tests against all available Python versions, etc\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2013-01-14T00:00:00", "title": "Fedora 18 : fail2ban-0.8.8-1.fc18 (2012-20589)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5642"], "modified": "2013-01-14T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:fail2ban"], "id": "FEDORA_2012-20589.NASL", "href": "https://www.tenable.com/plugins/nessus/63496", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-20589.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63496);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-5642\");\n script_bugtraq_id(56963);\n script_xref(name:\"FEDORA\", value:\"2012-20589\");\n\n script_name(english:\"Fedora 18 : fail2ban-0.8.8-1.fc18 (2012-20589)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 0.8.8 (CVE-2012-5642 Bug #887914)\n\n - Fixes :\n\n - Alan Jenkins\n\n - [8c38907] Removed 'POSSIBLE BREAK-IN ATTEMPT' from\n sshd filter to avoid banning due to misconfigured DNS.\n Close gh-64\n\n - Yaroslav Halchenko\n\n - [83109bc] IMPORTANT: escape the content of <matches>\n (if used in custom action files) since its value could\n contain arbitrary symbols. Thanks for discovery go to\n the NBS System security team\n\n - [b159eab] do not enable pyinotify backend if pyinotify <\n 0.8.3\n\n - [37a2e59] store IP as a base, non-unicode str to avoid\n spurious messages in the console. Close gh-91\n\n - New features :\n\n - David Engeset\n\n - [2d672d1,6288ec2] 'unbanip' command for the client +\n avoidance of touching the log file to take 'banip' or\n 'unbanip' in effect. Close gh-81, gh-86\n\n - Yaroslav Halchenko\n\n - Enhancements :\n\n - [2d66f31] replaced uninformative 'Invalid command'\n message with warning log exception why command\n actually failed\n\n - [958a1b0] improved failregex to 'support' auth.backend =\n 'htdigest'\n\n - [9e7a3b7] until we make it proper module -- adjusted\n sys.path only if system-wide run\n\n - [f52ba99] downgraded 'already banned' from WARN to INFO\n level. Closes gh-79\n\n - [f105379] added hints into the log on some failure\n return codes (e.g. 0x7f00 for this gh-87)\n\n - Various others: travis-ci integration, script to run\n tests against all available Python versions, etc\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=887914\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-January/095933.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f45b7018\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected fail2ban package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:fail2ban\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"fail2ban-0.8.8-1.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"fail2ban\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:10:23", "description": "Update to 0.8.8 (CVE-2012-5642 Bug #887914)\n\n - Fixes :\n\n - Alan Jenkins\n\n - [8c38907] Removed 'POSSIBLE BREAK-IN ATTEMPT' from\n sshd filter to avoid banning due to misconfigured DNS.\n Close gh-64\n\n - Yaroslav Halchenko\n\n - [83109bc] IMPORTANT: escape the content of <matches>\n (if used in custom action files) since its value could\n contain arbitrary symbols. Thanks for discovery go to\n the NBS System security team\n\n - [b159eab] do not enable pyinotify backend if pyinotify <\n 0.8.3\n\n - [37a2e59] store IP as a base, non-unicode str to avoid\n spurious messages in the console. Close gh-91\n\n - New features :\n\n - David Engeset\n\n - [2d672d1,6288ec2] 'unbanip' command for the client +\n avoidance of touching the log file to take 'banip' or\n 'unbanip' in effect. Close gh-81, gh-86\n\n - Yaroslav Halchenko\n\n - Enhancements :\n\n - [2d66f31] replaced uninformative 'Invalid command'\n message with warning log exception why command\n actually failed\n\n - [958a1b0] improved failregex to 'support' auth.backend =\n 'htdigest'\n\n - [9e7a3b7] until we make it proper module -- adjusted\n sys.path only if system-wide run\n\n - [f52ba99] downgraded 'already banned' from WARN to INFO\n level. Closes gh-79\n\n - [f105379] added hints into the log on some failure\n return codes (e.g. 0x7f00 for this gh-87)\n\n - Various others: travis-ci integration, script to run\n tests against all available Python versions, etc\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2012-12-28T00:00:00", "title": "Fedora 17 : fail2ban-0.8.8-1.fc17 (2012-20619)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5642"], "modified": "2012-12-28T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:17", "p-cpe:/a:fedoraproject:fedora:fail2ban"], "id": "FEDORA_2012-20619.NASL", "href": "https://www.tenable.com/plugins/nessus/63343", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-20619.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63343);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-5642\");\n script_bugtraq_id(56963);\n script_xref(name:\"FEDORA\", value:\"2012-20619\");\n\n script_name(english:\"Fedora 17 : fail2ban-0.8.8-1.fc17 (2012-20619)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 0.8.8 (CVE-2012-5642 Bug #887914)\n\n - Fixes :\n\n - Alan Jenkins\n\n - [8c38907] Removed 'POSSIBLE BREAK-IN ATTEMPT' from\n sshd filter to avoid banning due to misconfigured DNS.\n Close gh-64\n\n - Yaroslav Halchenko\n\n - [83109bc] IMPORTANT: escape the content of <matches>\n (if used in custom action files) since its value could\n contain arbitrary symbols. Thanks for discovery go to\n the NBS System security team\n\n - [b159eab] do not enable pyinotify backend if pyinotify <\n 0.8.3\n\n - [37a2e59] store IP as a base, non-unicode str to avoid\n spurious messages in the console. Close gh-91\n\n - New features :\n\n - David Engeset\n\n - [2d672d1,6288ec2] 'unbanip' command for the client +\n avoidance of touching the log file to take 'banip' or\n 'unbanip' in effect. Close gh-81, gh-86\n\n - Yaroslav Halchenko\n\n - Enhancements :\n\n - [2d66f31] replaced uninformative 'Invalid command'\n message with warning log exception why command\n actually failed\n\n - [958a1b0] improved failregex to 'support' auth.backend =\n 'htdigest'\n\n - [9e7a3b7] until we make it proper module -- adjusted\n sys.path only if system-wide run\n\n - [f52ba99] downgraded 'already banned' from WARN to INFO\n level. Closes gh-79\n\n - [f105379] added hints into the log on some failure\n return codes (e.g. 0x7f00 for this gh-87)\n\n - Various others: travis-ci integration, script to run\n tests against all available Python versions, etc\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=887914\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-December/095127.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f71aac57\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected fail2ban package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:fail2ban\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/12/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"fail2ban-0.8.8-1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"fail2ban\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5642"], "description": "Fail2ban scans log files like /var/log/pwdfail or /var/log/apache/error_log and bans IP that makes too many password failures. It updates firewall rules to reject the IP address. ", "modified": "2012-12-28T03:50:56", "published": "2012-12-28T03:50:56", "id": "FEDORA:A4ABE20201", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: fail2ban-0.8.8-1.fc17", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5642"], "description": "Fail2ban scans log files like /var/log/pwdfail or /var/log/apache/error_log and bans IP that makes too many password failures. It updates firewall rules to reject the IP address. ", "modified": "2013-01-12T00:24:56", "published": "2013-01-12T00:24:56", "id": "FEDORA:CAD3221C2F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: fail2ban-0.8.8-1.fc18", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5642", "CVE-2013-2178"], "description": "Fail2ban scans log files like /var/log/pwdfail or /var/log/apache/error_log and bans IP that makes too many password failures. It updates firewall rules to reject the IP address. To use the hostsdeny and shorewall actions you must install tcp_wrappers and shorewall respectively. ", "modified": "2013-06-28T06:15:49", "published": "2013-06-28T06:15:49", "id": "FEDORA:985EB2177F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: fail2ban-0.8.10-1.fc18", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
