
CVE-2021-32749: fixed possible RCE vulnerability, unset escape variable (default tild… · fail2ban/fail2ban@410a6ce

fail2ban is a daemon that bans hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to possible remote code execution in the mailing action mail-whois. The mail command from the mailutils package, used in mail actions like mail-whois, can execute commands if unescaped sequences (\n~) are present in “foreign” input (for instance in whois output). To exploit the vulnerability, an attacker would need to insert malicious characters into the response sent by the whois server, either via a MITM attack or by taking over a whois server. The issue is patched in versions 0.10.7 and 0.11.3. As a workaround, one may avoid using the mail-whois action or patch the vulnerability manually.
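To check an installation when applying the manual workaround, the following added example (not code from fail2ban or from this page) scans the text of an action file for "| mail" pipeline stages that lack the -E 'set escape' option the fix commit adds. The function name, the regular expressions and the sample configuration are constructed for illustration.

```python
import re

# A `mail` command as a pipeline stage, e.g. `|mail -s ...`; group 1 is its arguments.
MAIL_STAGE = re.compile(r"\|\s*mail\b([^|]*)")
# The option added by the fix: -E 'set escape' (single or double quoted).
ESCAPE_FIX = re.compile(r"""-E\s+(['"])set escape\1""")
# An option definition starts in column 0: `actionban = ...`.
OPTION = re.compile(r"^([A-Za-z_][\w-]*)\s*=")


def audit_action(text):
    """Return (option, line_no) for every `| mail` stage lacking -E 'set escape'."""
    findings = []
    option = None
    for line_no, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith(("#", ";")):
            continue  # comment line
        m = OPTION.match(line)
        if m:
            option = m.group(1)
        elif line and not line[0].isspace():
            option = None  # section header, not a continuation of an option
        # Indented lines continue the current option's multi-line value.
        for stage in MAIL_STAGE.finditer(line):
            if not ESCAPE_FIX.search(stage.group(1)):
                findings.append((option, line_no))
    return findings


# Constructed sample: actionstart is patched, actionban (with whois output) is not.
SAMPLE = '''\
[Definition]
actionstart = printf %%b "Hi,\\n
              The jail <name> has been started.\\n"|mail -E 'set escape' -s "[Fail2Ban] <name>: started" <dest>
# actionban embeds whois output, i.e. "foreign" input
actionban = printf %%b "Hi,\\n
            The IP <ip> has just been banned.\\n
            `whois <ip>`\\n"|mail -s "[Fail2Ban] <name>: banned <ip>" <dest>
'''

if __name__ == "__main__":
    for option, line_no in audit_action(SAMPLE):
        print(f"line {line_no}: {option} pipes into mail without -E 'set escape'")
```

Run it over each file in the action directory and over any local overrides, since an override can reintroduce an unpatched mail invocation.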


Expand Up @@ -16,7 +16,7 @@ norestored = 1 actionstart = printf %%b “Hi,\n The jail <name> has been started successfully.\n Regards,\n Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>” <dest> Fail2Ban"|mail -E ‘set escape’ -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
# Option: actionstop # Notes.: command executed at the stop of jail (or at the end of Fail2Ban) Expand All @@ -25,7 +25,7 @@ actionstart = printf %%b “Hi,\n actionstop = printf %%b “Hi,\n The jail <name> has been stopped.\n Regards,\n Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>” <dest> Fail2Ban"|mail -E ‘set escape’ -s "[Fail2Ban] <name>: stopped on <fq-hostname>” <dest>
# Option: actioncheck # Notes.: command executed once before each actionban command Expand All @@ -43,7 +43,7 @@ actionban = printf %%b “Hi,\n The IP <ip> has just been banned by Fail2Ban after <failures> attempts against <name>.\n Regards,\n Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>” <dest> Fail2Ban"|mail -E ‘set escape’ -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
# Option: actionunban # Notes.: command executed when unbanning an IP. Take care that the Expand Down
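Review bot: the added -E ‘set escape’ option in actionstart, actionstop and actionban has no comment explaining why it is there, and the commit title speaks of unsetting the escape variable while the option itself reads set escape. A one-line comment above each command, naming CVE-2021-32749 and stating that this form turns off the tilde escape of the mail command, would keep the option from being dropped in a later cleanup.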
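Review bot: the visible hunks cover only actionstart, actionstop and actionban of this one file, whose bodies are fixed text plus <name>, <ip> and <failures>, whereas the input the advisory is concerned with is whois output in mail-whois. Confirm that every other action that pipes into mail, in particular those embedding whois output, receives the same -E option in this commit, because a single missed invocation leaves the issue open.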

Related news

Gentoo Linux Security Advisory 202310-13

Gentoo Linux Security Advisory 202310-13 - A vulnerability has been discovered in Mailutils where escape sequences are processed in a context where this may lead to RCE. Versions greater than or equal to 3.12-r3 are affected.
