8 matches found
Authentication flaw
filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service forced authentication failures via a crafted reverse-resolved DNS name rhost entry that contains a substring that is interpreted as an IP address, a different...
CVE-2009-0362
filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service forced authentication failures via a crafted reverse-resolved DNS name rhost entry that contains a substring that is interpreted as an IP address, a different...
Gentoo Security Advisory GLSA 200707-13 (fail2ban)
The remote host is missing updates announced in advisory GLSA 200707-13. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian Security Advisory DSA 1456-1 (fail2ban)
The remote host is missing an update to fail2ban announced via advisory DSA 1456-1. OpenVAS Vulnerability Test $Id: deb14561.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1456-1 fail2ban Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
Debian DSA-1456-1 : fail2ban - programming error
Daniel B. Cid discovered that fail2ban, a tool to block IP addresses that cause login failures, is too liberal about parsing SSH log files, allowing an attacker to block any IP address. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin wer...
[SECURITY] [DSA 1456-1] New fail2ban packages fix denial of service
------------------------------------------------------------------------ Debian Security Advisory DSA-1456-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst January 09, 2008 http://www.debian.org/security/faq -...
CVE-2007-4321
fail2ban 0.8 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol versi...
CVE-2007-4321
CVE-2007-4321 affects fail2ban 0.8 and earlier. The issue arises from improper parsing of sshd log entries, allowing remote attackers to cause denial of service by adding arbitrary IP addresses to /etc/hosts.deny, e.g., by logging in with an SSH client version string containing an IP. Affected de...