4 matches found
openSUSE Security Update : fail2ban (openSUSE-SU-2011:1175-1)
fail2ban IP used insecure temporary files when unbanning an IP address CVE-2009-5023. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update fail2ban-5301. The text description of this plugin is C SU...
openSUSE Security Update : fail2ban (openSUSE-SU-2011:1175-1)
fail2ban IP used insecure temporary files when unbanning an IP address CVE-2009-5023. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update fail2ban-5301. The text description of this plugin is C SU...
CVE-2009-5023
The 1 dshield.conf, 2 mail-buffered.conf, 3 mynetwatchman.conf, and 4 mynetwatchman.conf actions in action.d/ in Fail2ban before 0.8.5 allows local users to write to arbitrary files via a symlink attack on temporary files with predictable names, as demonstrated by /tmp/fail2ban-mail.txt...
CVE-2009-5023
CVE-2009-5023 affects Fail2ban prior to 0.8.5. A symlink race in temporary files used by actions (notably in action.d/ and the files dshield.conf, mail-buffered.conf, mynetwatchman.conf) allows local users to write to arbitrary files, demonstrated by /tmp/fail2ban-mail.txt. Root cause: predictabl...