CVE-2007-4321
published 2007-08-14


Priority: P333 | medium | 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 5.75% (92.1th percentile)

fail2ban 0.8 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector than CVE-2006-6302.

Affected

12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | fail2ban | < fail2ban 0.8.0-4 (bookworm) | fail2ban 0.8.0-4 (bookworm) |
| debian | fail2ban | < fail2ban 0.8.3-2sid1 (bookworm) | fail2ban 0.8.3-2sid1 (bookworm) |
| fail2ban | fail2ban | | |
| fail2ban | fail2ban | | |
| fail2ban | fail2ban | >= 0 < 0.8.3-2sid1 | 0.8.3-2sid1 |
| fail2ban | fail2ban | >= 0 < 0.8.0-4 | 0.8.0-4 |
| fail2ban | fail2ban | >= 0 < 0.8.3-2sid1 | 0.8.3-2sid1 |
| fail2ban | fail2ban | >= 0 < 0.8.0-4 | 0.8.0-4 |
| fail2ban | fail2ban | >= 0 < 0.8.3-2sid1 | 0.8.3-2sid1 |
| fail2ban | fail2ban | >= 0 < 0.8.0-4 | 0.8.0-4 |
| fail2ban | fail2ban | >= 0 < 0.8.3-2sid1 | 0.8.3-2sid1 |
| fail2ban | fail2ban | >= 0 < 0.8.0-4 | 0.8.0-4 |

CVSS provenance

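| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | | 6.8 | MEDIUM | |
| vendor_debian | | 6.8 | LOW | |
| vendor_redhat | | 6.8 | MEDIUM | |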