Your message dated Tue, 5 Feb 2008 12:00:00 -0500
with message-id <[EMAIL PROTECTED]>
and subject line given issue was resolved in the recent security upload
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: fail2ban
Version: 0.7.5-2
Severity: grave
Tags: security

Hi,
CVE-2007-4321[0]:

fail2ban 0.8 and earlier does not properly parse sshd log 
files, which allows remote attackers to add arbitrary hosts 
to the /etc/hosts.deny file and cause a denial of service by 
adding arbitrary IP addresses to the sshd log file, as 
demonstrated by logging in via ssh with a client protocol 
version identification containing an IP address string, a 
different vector than CVE-2006-6302.

If you fix this issue, please include the CVE id in the 
changelog entry.

You can find a patch for this problem on:
http://www.ossec.net/en/attacking-loganalysis.html#patches

Kind regards
Nico
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4321

-- 
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgpk6Uw6VowrY.pgp
Description: PGP signature


--- End Message ---
--- Begin Message ---
I thought closes wasn't needed in that changelog entry but apparently
since it was found in etch's version, bug remained opened. Here is
relevant changelog entry for this bug:


fail2ban (0.7.5-2etch1) stable-security; urgency=high

  * Propagated fix for asctime pattern from 0.7.8 release (closes: #421848)
  * Propagated fix for not closed log files from 0.7.8-1
    (closes: #439962,434368)
  * Propagated fix for "reload" bug which is as sever as #439962 and just
    never was hit by any Debian user yet
  * Added patch 00_numeric_iptables-L to avoid possible DoS attacks
    (introduced upstream in 0.7.6)
  * Propagated "Fixed removal of host in hosts.deny" from 0.7.6, to prevent
    possible DoS
  * CVE-2007-4321: anchored sshd and vsftpd failregex at the end of line
    to prevent DoS on those services. This issue was resolved in sid's version
    0.8.0-4 (bugreport 438187).

 -- Yaroslav Halchenko <[EMAIL PROTECTED]>  Tue, 01 May 2007 22:18:03 -0400



-- 
Yaroslav Halchenko
Research Assistant, Psychology Department, Rutgers-Newark
Student  Ph.D. @ CS Dept. NJIT
Office: (973) 353-5440x263 | FWD: 82823 | Fax: (973) 353-1171
        101 Warren Str, Smith Hall, Rm 4-105, Newark NJ 07102
WWW:     http://www.linkedin.com/in/yarik        


--- End Message ---

Reply via email to