CVE-2009-5023 — Link Following in Fail2ban

CWE-59 — Link Following5 documents5 sources

Severity

4.7MEDIUMNVD

EPSS

0.0%

top 85.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fail2ban Debian Fail2ban

Timeline

PublishedJun 10

Latest updateMay 2

Description

The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf, and (4) mynetwatchman.conf actions in action.d/ in Fail2ban before 0.8.5 allows local users to write to arbitrary files via a symlink attack on temporary files with predictable names, as demonstrated by /tmp/fail2ban-mail.txt.

CVSS vector

AV:L/AC:M/C:N/I:C/A:NExploitability: 3.4 | Impact: 6.9

Affected Packages3 packages

▶debiandebian/fail2ban< fail2ban 0.8.4+svn20110323-1 (bookworm)

▶Debianfail2ban/fail2ban< 0.8.4+svn20110323-1+3

▶NVDfail2ban/fail2ban0.8.4+29

🔴Vulnerability Details

GHSA

GHSA-h7g6-frrr-69cx: The (1) dshield↗2022-05-02

▶

OSV

CVE-2009-5023: The (1) dshield↗2014-06-10

▶

📋Vendor Advisories

Debian

CVE-2009-5023: fail2ban - The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf, and (4) my...↗2009

▶

💬Community

Bugzilla

CVE-2009-5023 fail2ban: Use of insecure default temporary file when unbanning an IP↗2011-04-29

▶