Your message dated Tue, 5 Feb 2008 12:00:00 -0500
with message-id <[EMAIL PROTECTED]>
and subject line given issue was resolved in the recent security upload
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: fail2ban
Version: 0.7.5-2
Severity: grave
Tags: security
Hi,
CVE-2007-4321[0]:
fail2ban 0.8 and earlier does not properly parse sshd log
files, which allows remote attackers to add arbitrary hosts
to the /etc/hosts.deny file and cause a denial of service by
adding arbitrary IP addresses to the sshd log file, as
demonstrated by logging in via ssh with a client protocol
version identification containing an IP address string, a
different vector than CVE-2006-6302.
If you fix this issue, please include the CVE id in the
changelog entry.
You can find a patch for this problem on:
http://www.ossec.net/en/attacking-loganalysis.html#patches
Kind regards
Nico
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4321
--
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgpk6Uw6VowrY.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
I thought closes wasn't needed in that changelog entry but apparently
since it was found in etch's version, bug remained opened. Here is
relevant changelog entry for this bug:
fail2ban (0.7.5-2etch1) stable-security; urgency=high
* Propagated fix for asctime pattern from 0.7.8 release (closes: #421848)
* Propagated fix for not closed log files from 0.7.8-1
(closes: #439962,434368)
* Propagated fix for "reload" bug which is as sever as #439962 and just
never was hit by any Debian user yet
* Added patch 00_numeric_iptables-L to avoid possible DoS attacks
(introduced upstream in 0.7.6)
* Propagated "Fixed removal of host in hosts.deny" from 0.7.6, to prevent
possible DoS
* CVE-2007-4321: anchored sshd and vsftpd failregex at the end of line
to prevent DoS on those services. This issue was resolved in sid's version
0.8.0-4 (bugreport 438187).
-- Yaroslav Halchenko <[EMAIL PROTECTED]> Tue, 01 May 2007 22:18:03 -0400
--
Yaroslav Halchenko
Research Assistant, Psychology Department, Rutgers-Newark
Student Ph.D. @ CS Dept. NJIT
Office: (973) 353-5440x263 | FWD: 82823 | Fax: (973) 353-1171
101 Warren Str, Smith Hall, Rm 4-105, Newark NJ 07102
WWW: http://www.linkedin.com/in/yarik
--- End Message ---