-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.0138
              Fail2ban postfix and cyrus-imap filters contain
                     denial-of-service vulnerabilities
                              3 February 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Fail2ban
Publisher:         US-CERT
Operating System:  UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2013-7177 CVE-2013-7176 

Original Bulletin: 
   http://www.kb.cert.org/vuls/id/686662

- --------------------------BEGIN INCLUDED TEXT--------------------

Vulnerability Note VU#686662

Fail2ban postfix and cyrus-imap filters contain denial-of-service
vulnerabilities

Original Release date: 28 Jan 2014 | Last revised: 28 Jan 2014

Fail2ban versions prior to 0.8.11 are susceptible to a denial-of-service attack
when a maliciously crafted email address is parsed by the postfix or
cyrus-imap filters. Users who have not deployed either of these filters are
not affected.

Description

Fail2ban versions prior to 0.8.11 are susceptible to a denial-of-service attack
when a maliciously crafted email address is parsed by the postfix or cyrus-imap
filters. An attacker can cause arbitrary IP addresses to be blocked by fail2ban.

CVE-2013-7177: cyrus-imap
https://github.com/fail2ban/fail2ban/commit/bd175f026737d66e7110868fb50b3760ff75e087

CVE-2013-7176: postfix
https://github.com/fail2ban/fail2ban/commit/eb2f0c927257120dfc32d2450fd63f1962f38821
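The mechanism described above is a log-parsing weakness: a ban filter's
regular expression captures the "host" to ban from a log line that also carries
attacker-controlled text, and a loosely anchored pattern can be steered into
capturing an address from that text instead of the real client. The following is
an added illustration, not fail2ban's own filter definitions or the fix in the
commits linked above. The log format, both regular expressions, the sample log
lines and the IP addresses are constructed for this example; the check at the
end is the kind of regression test a filter maintainer would keep alongside a
filter to confirm that every sample line yields the true client address.

```python
import re

# Constructed host capture: a dotted-quad IPv4 address (the fail2ban filter
# syntax writes this as <HOST>; the pattern here is ours, not fail2ban's).
HOST_RE = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Weak pattern (constructed): ".*" between "from " and "[<host>]" lets the
# regex engine backtrack past the real client and pick up an "[a.b.c.d]" that
# appears later on the line, inside text the remote peer controls.
WEAK_RE = re.compile(r"reject: RCPT from .*\[" + HOST_RE + r"\]: 554 ")

# Hardened pattern (constructed): the text between "from " and "[<host>]" may
# not contain brackets, so the capture is pinned to the client field that the
# MTA itself wrote, and nothing after it can supply the address.
STRICT_RE = re.compile(r"reject: RCPT from [^\[\]]*\[" + HOST_RE + r"\]: 554 ")

# Constructed sample log lines.  The true client is 203.0.113.5 in both.
# In the second line the recipient address has been crafted to contain a
# bracketed address followed by the same status text the pattern expects.
BENIGN_LINE = (
    "postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: "
    "554 5.7.1 <bob@example.test>: Recipient address rejected"
)
CRAFTED_LINE = (
    "postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: "
    "554 5.7.1 <[198.51.100.9]: 554 @example.test>: Recipient address rejected"
)

# (line, address the filter ought to ban) pairs for the regression check.
SAMPLES = [
    (BENIGN_LINE, "203.0.113.5"),
    (CRAFTED_LINE, "203.0.113.5"),
]


def extract_host(pattern, line):
    """Return the host a filter pattern would ban for this line, or None."""
    m = pattern.search(line)
    return m.group("host") if m else None


def check_filter(pattern, samples):
    """Run a filter pattern over (line, true_client) pairs.

    Returns the list of (line, captured_host) entries where the pattern
    captured something other than the true client, i.e. lines on which the
    filter could be made to ban an address chosen by the log line's author.
    An empty list means the pattern passed the regression set.
    """
    failures = []
    for line, true_client in samples:
        captured = extract_host(pattern, line)
        if captured != true_client:
            failures.append((line, captured))
    return failures


if __name__ == "__main__":
    for name, pattern in (("weak", WEAK_RE), ("strict", STRICT_RE)):
        bad = check_filter(pattern, SAMPLES)
        status = "OK" if not bad else "FAIL"
        print(f"{name:6s} {status}")
        for line, captured in bad:
            print(f"  captured {captured!r} from: {line}")
```

On the benign line both patterns capture 203.0.113.5. On the crafted line the
weak pattern captures 198.51.100.9, the address planted in the recipient field,
while the hardened pattern still returns the real client. The same harness can
be pointed at any filter pattern and a growing file of known-good and known-bad
log lines, which is how a regression of this kind is kept from reappearing.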

Impact

A remote unauthenticated attacker may cause arbitrary IP addresses to be
blocked by Fail2ban, causing legitimate users to be blocked from accessing
services protected by Fail2ban.

Solution

Apply an Update

Fail2ban 0.8.11 addresses these vulnerabilities. Users are advised to upgrade
to Fail2ban 0.8.11 or later.

Vendor Information

Vendor		Status		Date Notified	Date Updated
Fail2ban	Affected	-		23 Jan 2014

If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group 		Score 	Vector
Base 		7.8 	AV:N/AC:L/Au:N/C:N/I:N/A:C
Temporal 	6.4 	E:F/RL:OF/RC:C
Environmental 	4.8 	CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

    http://www.fail2ban.org
    https://github.com/fail2ban/fail2ban/commit/bd175f026737d66e7110868fb50b3760ff75e087
    https://github.com/fail2ban/fail2ban/commit/eb2f0c927257120dfc32d2450fd63f1962f38821

Credit

Thanks to Steven Hiscocks for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

    CVE IDs: CVE-2013-7176 CVE-2013-7177
    Date Public: 20 Jan 2014
    Date First Published: 28 Jan 2014
    Date Last Updated: 28 Jan 2014
    Document Revision: 13

Feedback

If you have feedback, comments, or additional information about this 
vulnerability, please send us email.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----