CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:N/I:C/A:N
AI Score
Confidence
Low
EPSS
Percentile
5.1%
The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf, and (4) mynetwatchman.conf actions in action.d/ in Fail2ban before 0.8.5 allows local users to write to arbitrary files via a symlink attack on temporary files with predictable names, as demonstrated by /tmp/fail2ban-mail.txt.
Vendor | Product | Version | CPE |
---|---|---|---|
fail2ban | fail2ban | * | cpe:2.3:a:fail2ban:fail2ban:*:*:*:*:*:*:*:* |
fail2ban | fail2ban | 0.1.0 | cpe:2.3:a:fail2ban:fail2ban:0.1.0:*:*:*:*:*:*:* |
fail2ban | fail2ban | 0.1.1 | cpe:2.3:a:fail2ban:fail2ban:0.1.1:*:*:*:*:*:*:* |
fail2ban | fail2ban | 0.1.2 | cpe:2.3:a:fail2ban:fail2ban:0.1.2:*:*:*:*:*:*:* |
fail2ban | fail2ban | 0.3.0 | cpe:2.3:a:fail2ban:fail2ban:0.3.0:*:*:*:*:*:*:* |
fail2ban | fail2ban | 0.3.1 | cpe:2.3:a:fail2ban:fail2ban:0.3.1:*:*:*:*:*:*:* |
fail2ban | fail2ban | 0.4.0 | cpe:2.3:a:fail2ban:fail2ban:0.4.0:*:*:*:*:*:*:* |
fail2ban | fail2ban | 0.4.1 | cpe:2.3:a:fail2ban:fail2ban:0.4.1:*:*:*:*:*:*:* |
fail2ban | fail2ban | 0.5.0 | cpe:2.3:a:fail2ban:fail2ban:0.5.0:*:*:*:*:*:*:* |
fail2ban | fail2ban | 0.5.1 | cpe:2.3:a:fail2ban:fail2ban:0.5.1:*:*:*:*:*:*:* |