Fail2ban 0.8.9, Denial of Service (Apache rules only)
Version 0.8.9 (latest) of Fail2ban allows a remote denial of service
against an arbitrarily chosen IP address. Addresses listed on Fail2ban's
whitelist are not affected. The vulnerability exists in the Apache rules
and is caused by improper validation of the log file by a regular
expression. A malicious user can easily inject their own data into the
analyzed logs and deceive the monitoring engine.
Affected files:
/filter.d/apache-auth.conf
/filter.d/apache-nohome.conf
/filter.d/apache-noscript.conf
/filter.d/apache-overflows.conf
Time frames:
01.06.2013 - Cyril Jaquier (contact section) has been informed about the vulnerability (no response)
08.06.2013 - The vulnerability has been released to the public.
More information, including proof of concept and patches, is available here:
https://vndh.net/note:fail2ban-089-denial-service
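The following Python check is an added example, not code from the advisory or from Fail2ban. It shows why a log-matching expression that is not anchored to the fields Apache itself writes can attribute a failure to an address other than the connecting client, and how an anchored expression avoids that. The patterns, the IPv4-only `HOST` stand-in for fail2ban's `<HOST>` tag, the helper names and the log lines are all constructed for illustration; the shipped filter.d expressions are not reproduced.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# Fixed-position prefix that Apache itself writes: [timestamp] [level] [client IP]
PREFIX = r"^\[[^\]]+\] \[\w+\] \[client " + HOST + r"\]"

# Constructed patterns for illustration, not the shipped filter.d expressions.
# LOOSE is unanchored, so a "[client ...]" token is accepted anywhere in the line.
LOOSE = re.compile(r"\[client " + HOST + r"\] user .* authentication failure")
# STRICT only accepts the client field at its fixed position after the prefix.
STRICT = re.compile(PREFIX + r" user .* authentication failure")

# Constructed Apache 2.2 style error-log lines using documentation addresses.
GENUINE = ('[Sat Jun 08 10:00:00 2013] [error] [client 198.51.100.7] '
           'user alice: authentication failure for "/private": Password Mismatch')
# Here request-derived text echoed into the message contains a second client token.
INJECTED = ('[Sat Jun 08 10:00:05 2013] [error] [client 198.51.100.7] '
            'File does not exist: /var/www/[client 192.0.2.10] user x '
            'authentication failure')

def matched_host(pattern, line):
    """Host the filter would count a failure against, or None if no match."""
    m = pattern.search(line)
    return m.group("host") if m else None

def audit(pattern, lines):
    """Return (real_client, matched_host) pairs where the filter would blame
    an address other than the one Apache logged as the connecting client."""
    prefix = re.compile(PREFIX)
    findings = []
    for line in lines:
        real = prefix.match(line)
        hit = matched_host(pattern, line)
        if real and hit and hit != real.group("host"):
            findings.append((real.group("host"), hit))
    return findings

if __name__ == "__main__":
    for name, pat in (("LOOSE", LOOSE), ("STRICT", STRICT)):
        print(name, audit(pat, [GENUINE, INJECTED]))
```

Running `audit` with each locally used pattern over a sample of real error-log lines works as a regression check after editing a filter: any finding means the pattern trusts text outside the client field.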