===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.0138
      Fail2ban postfix and cyrus-imap filters contain denial-of-service
                              vulnerabilities
                              3 February 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Fail2ban
Publisher:         US-CERT
Operating System:  UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2013-7177 CVE-2013-7176

Original Bulletin:
   http://www.kb.cert.org/vuls/id/686662

--------------------------BEGIN INCLUDED TEXT--------------------

Vulnerability Note VU#686662

Fail2ban postfix and cyrus-imap filters contain denial-of-service vulnerabilities

Original Release date: 28 Jan 2014 | Last revised: 28 Jan 2014

Fail2ban versions prior to 0.8.11 are susceptible to a denial-of-service attack
when a maliciously crafted email address is parsed by the postfix or cyrus-imap
filters. If users have not deployed either of these filters then they are not
affected.

Description

An attacker can cause arbitrary IP addresses to be blocked by fail2ban.

CVE-2013-7177: cyrus-imap
https://github.com/fail2ban/fail2ban/commit/bd175f026737d66e7110868fb50b3760ff75e087

CVE-2013-7176: postfix
https://github.com/fail2ban/fail2ban/commit/eb2f0c927257120dfc32d2450fd63f1962f38821

Impact

A remote unauthenticated attacker may cause arbitrary IP addresses to be blocked
by Fail2ban, causing legitimate users to be blocked from accessing services
protected by Fail2ban.

Solution

Apply an Update

Fail2Ban 0.8.11 addresses these vulnerabilities. Users are advised to upgrade to
Fail2ban 0.8.11 or later.
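The failure mode above is a fail2ban filter whose <HOST> capture can be satisfied by content an attacker controls in the logged line (here, an IP literal inside an email address) instead of the client address the MTA wrote. The harness below is an added example for regression-testing filters offline; it is not part of this bulletin, the CERT note, or fail2ban itself. The two failregex patterns and the log lines are constructed for illustration and are not fail2ban's shipped postfix.conf; the IPv4-only <HOST> expansion is a simplifying assumption (fail2ban's real expansion also accepts hostnames).

```python
import re

# Fail2ban filters mark the address to ban with a <HOST> placeholder, which
# fail2ban expands into a capturing group. Simplified, IPv4-only expansion
# (assumption) so filters can be checked against sample lines offline.
HOST_GROUP = r"(?P<host>(?:\d{1,3}\.){3}\d{1,3})"


def extract_host(failregex: str, line: str):
    """Return the <HOST> a filter would capture from one log line, or None."""
    pattern = re.compile(failregex.replace("<HOST>", HOST_GROUP))
    match = pattern.search(line)
    return match.group("host") if match else None


# Constructed filter in the shape of an SMTP "reject" rule. The greedy ".*"
# before "[<HOST>]" lets any bracketed IP literal later in the line, such as
# one inside an address, be captured instead of the client IP.
WEAK_FAILREGEX = r"reject: RCPT from .*\[<HOST>\]"

# Hardened variant: only one whitespace-free client-hostname token may precede
# the bracketed IP, and the trailing ": " pins the match to the MTA's field.
STRICT_FAILREGEX = r"reject: RCPT from \S+\[<HOST>\]: "

# Constructed log lines; the second carries an IP literal inside the recipient
# address, i.e. attacker-influenced content appearing in the log record.
SAMPLE_LINES = [
    "Jan 20 10:00:01 mx postfix/smtpd[4242]: NOQUEUE: reject: RCPT from "
    "unknown[203.0.113.7]: 554 5.7.1 <user@example.net>: Relay access denied",
    "Jan 20 10:00:02 mx postfix/smtpd[4242]: NOQUEUE: reject: RCPT from "
    "unknown[203.0.113.7]: 554 5.7.1 <user@[192.0.2.1]>: Relay access denied",
]


def hosts_for(failregex: str, lines=SAMPLE_LINES):
    """Apply one filter to every sample line and collect what it would ban."""
    return [extract_host(failregex, line) for line in lines]


def filter_is_safe(failregex: str, lines=SAMPLE_LINES, client_ip="203.0.113.7"):
    """A filter passes only if every line yields the real client IP."""
    return all(host == client_ip for host in hosts_for(failregex, lines))


if __name__ == "__main__":
    for name, regex in (("weak", WEAK_FAILREGEX), ("strict", STRICT_FAILREGEX)):
        print(f"{name:6s} -> {hosts_for(regex)} safe={filter_is_safe(regex)}")
```

The weak pattern bans 192.0.2.1 for the second line, an address the client never used; the strict pattern returns the connecting client for both lines.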
Vendor Information

Vendor     Status     Date Notified   Date Updated
Fail2ban   Affected   -               23 Jan 2014

CVSS Metrics

Group          Score   Vector
Base           7.8     AV:N/AC:L/Au:N/C:N/I:N/A:C
Temporal       6.4     E:F/RL:OF/RC:C
Environmental  4.8     CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

http://www.fail2ban.org
https://github.com/fail2ban/fail2ban/commit/bd175f026737d66e7110868fb50b3760ff75e087
https://github.com/fail2ban/fail2ban/commit/eb2f0c927257120dfc32d2450fd63f1962f38821

Credit

Thanks to Steven Hiscocks for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

CVE IDs:              CVE-2013-7176 CVE-2013-7177
Date Public:          20 Jan 2014
Date First Published: 28 Jan 2014
Date Last Updated:    28 Jan 2014
Document Revision:    13

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================