DSA-1456-1 fail2ban -- programming error

Debian Security Advisory

DSA-1456-1 fail2ban -- programming error

Date Reported:

09 Jan 2008

Affected Packages:

fail2ban

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2007-4321.

More information:

Daniel B. Cid discovered that fail2ban, a tool to block IP addresses that cause login failures, is too liberal about parsing SSH log files, allowing an attacker to block any IP address.

The old stable distribution (sarge) doesn't contain fail2ban.

For the stable distribution (etch), this problem has been fixed in version 0.7.5-2etch4.

For the unstable distribution (sid), this problem has been fixed in version 0.8.0-4.

We recommend that you upgrade your fail2ban package.

Fixed in:

Debian GNU/Linux 4.0 (stable)

Source:

http://security.debian.org/pool/updates/main/f/fail2ban/fail2ban_0.7.5-2etch4.dsc

http://security.debian.org/pool/updates/main/f/fail2ban/fail2ban_0.7.5-2etch4.diff.gz

http://security.debian.org/pool/updates/main/f/fail2ban/fail2ban_0.7.5.orig.tar.gz

Architecture-independent component:

http://security.debian.org/pool/updates/main/f/fail2ban/fail2ban_0.7.5-2etch4_all.deb

MD5 checksums of the listed files are available in the original advisory.