Fail2Ban Remote Denial of Service Vulnerability

Bugtraq ID:	21469
Class:	Design Error
CVE:	CVE-2006-6302
Remote:	Yes
Local:	No
Published:	Dec 06 2006 12:00AM
Updated:	Jun 06 2007 11:10PM
Credit:	Tavis Ormandy <[email protected]> discovered this vulnerability.
Vulnerable:	Gentoo net-analyzer/fail2ban 0.6.1 Cyril Jaquier Fail2Ban 0.6.1 Cyril Jaquier Fail2Ban 0
Not Vulnerable:	Gentoo net-analyzer/fail2ban 0.6.2 Cyril Jaquier Fail2Ban 6.2

Fail2Ban Remote Denial of Service Vulnerability

Fail2Ban is prone to a remote denial-of-service vulnerability because the application fails to properly ensure the source of authentication failure messages.

Successfully exploiting this issue allows remote attackers to add arbitrary IP addresses to the block list used by the application. This allows attackers to deny further network access to arbitrary IP addresses, denying service to legitimate users.

Fail2Ban 0.6.1 and prior versions are vulnerable to this issue.

Fail2Ban Remote Denial of Service Vulnerability

Attackers use standard SSH-client software to exploit this issue.

Fail2Ban Remote Denial of Service Vulnerability

Solution:
The vendor released version 0.6.2 to address this issue. Please see the references for more information.

Fail2Ban Remote Denial of Service Vulnerability

References:

• Bugzilla Bug 157166 (Tavis Ormandy )
  
• Fail2Ban Changelog (Fail2ban)
  
• Fail2ban Home Page (Cyril Jaquier)
  
• Remote log injection on DenyHosts,Fail2ban and BlockHosts (Daniel Cid )