11 matches found
GLSA-202310-13 : GNU Mailutils: unexpected processsing of escape sequences
The remote host is affected by the vulnerability described in GLSA-202310-13 GNU Mailutils: unexpected processsing of escape sequences - fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, ther...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : Fail2ban vulnerability (USN-5232-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-5232-1 advisory. Jakub oczek discovered that certain Fail2ban actions handled whois responses in an insecure way. If Fail2ban was configured to use certain...
Mageia: Security Advisory (MGASA-2021-0464)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for fail2ban (FEDORA-2021-a18b79d182)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
FreeBSD : fail2ban -- possible RCE vulnerability in mailing action using mailutils (c848059a-318b-11ec-aa15-0800270512f4)
Jakub Zoczek reports : Command mail from mailutils package used in mail actions like mail-whois can execute command if unescaped sequences \n are available in 'foreign' input for instance in whois output. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks...
openSUSE 15 Security Update : fail2ban (openSUSE-SU-2021:1274-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1274-1 advisory. - fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 throug...
openSUSE: Security Advisory for fail2ban (openSUSE-SU-2021:1274-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for fail2ban (important)
openSUSE Security Update: Security update for fail2ban Announcement ID: openSUSE-SU-2021:1274-1 Rating: important References: 1145181 1146856 1180738 1188610 Cross-References: CVE-2021-32749 CVSS scores: CVE-2021-32749 NVD : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products:...
CVE-2021-32749
creationtimestamp| type| source ---|---|--- 2021-08-02 11:03:01+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/3974 2021-08-23 16:09:03+00:00| seen| MISP/29eba91f-a00b-4ee9-b3d3-3771b0ce1240 2024-11-14 06:09:45+00:00| seen| MISP/f4c535ee-a3a1-4a60-a7f7-66209fa54e86...
CVE-2021-32749 Possible RCE vulnerability in mailing action using mailutils (mail-whois)
fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to possible remote code execution in the mailing action mail-whois. Command mail from mailutils package...
CVE-2021-32749
CVE-2021-32749 affects fail2ban before fixed versions. A vulnerability in the mailing action mail-whois allows remote code execution if unescaped sequences (\n~) in foreign input (e.g., whois outputs) are processed by the mail command. Exploitation requires attacker-supplied input via MITM or com...