SB2014060102 - Gentoo update for Fail2ban

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Link following (CVE-ID: CVE-2009-5023)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf, and (4) mynetwatchman.conf actions in action.d/ in Fail2ban before 0.8.5 allows local users to write to arbitrary files via a symlink attack on temporary files with predictable names, as demonstrated by /tmp/fail2ban-mail.txt.

2) Input validation error (CVE-ID: CVE-2013-2178)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request.

3) Input validation error (CVE-ID: CVE-2013-7176)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression.

Remediation

Install update from vendor's website.

References

• https://security.gentoo.org/
• https://security.gentoo.org/glsa/201406-03