Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-4321: Improper Authentication in Fail2ban

Severity: 6.8 MEDIUM (NVD); NVD 4.0, OSV 5.0
EPSS: 12.1% (top 6.17%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Aug 14; Latest update May 2

Description

fail2ban 0.8 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector than CVE-2006-6302.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (3 packages)

debian: debian/fail2ban < fail2ban 0.8.0-4 (bookworm) +1
Debian: fail2ban/fail2ban < 0.8.3-2sid1 +7
NVD: fail2ban/fail2ban 0.8, 0.8.3 +1

🔴 Vulnerability Details (4)

GHSA: GHSA-rc77-w9xr-6vvf: filter (2022-05-02)
GHSA: GHSA-5jfx-9p58-q8pj: fail2ban 0 (2022-05-01)
OSV: CVE-2009-0362: filter (2009-02-13)
OSV: CVE-2007-4321: fail2ban 0 (2007-08-14)

💥 Exploits & PoCs (5)

Exploit-DB: OpenH323 Opal SIP Protocol - Remote Denial of Service (2009-07-24)
Exploit-DB: Ekiga 2.0.5 - 'GetHostAddress' Remote Denial of Service (2009-07-24)
Exploit-DB: FSFDT v3.000 d9 - 'HELP' Remote Buffer Overflow (2007-10-04)
Exploit-DB: FSD 2.052/3.000 - 'sysuser.cc sysuser::exechelp' 'HELP' Remote Overflow (2007-10-01)
Exploit-DB: Fail2ban 0.8 - Remote Denial of Service (2007-07-28)

📋 Vendor Advisories (3)

Red Hat: fail2ban: remote DoS via crafted domain names (2009-02-04)
Debian: CVE-2009-0362: fail2ban - filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that... (2009)
Debian: CVE-2007-4321: fail2ban - fail2ban 0.8 and earlier does not properly parse sshd log files, which allows re... (2007)

💬 Community (2)

Bugzilla: CVE-2009-0362 fail2ban: remote DoS via crafted domain names (2009-02-13)
Bugzilla: CVE-2007-4584 Buffer overflow in IrcII by long MODE from server (2007-09-24)