Debian Fail2Ban vulnerabilities

9 known vulnerabilities affecting debian/fail2ban.

Total CVEs
9
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
MEDIUM5LOW4

Vulnerabilities

Page 1 of 1
CVE-2021-32749MEDIUMCVSS 6.1fixed in fail2ban 0.11.2-2 (bookworm)2021
CVE-2021-32749 [MEDIUM] CVE-2021-32749: fail2ban - fail2ban is a daemon to ban hosts that cause multiple authentication errors. In ... fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to possible remote code execution in the mailing action mail-whois. Command `mail` from mailutils package used in mail actions like `mail-whois` can execute command if unesc
debian
CVE-2013-7176MEDIUMCVSS 5.0fixed in fail2ban 0.8.11-1 (bookworm)2013
CVE-2013-7176 [MEDIUM] CVE-2013-7176: fail2ban - config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 all... config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression. Scope: local bookworm: resolved (fixed in 0.8.11-1) bullseye: resolved (fixed in 0.8.11-1) forky: resolved (fixed in 0.8.11-1) sid
debian
CVE-2013-7177MEDIUMCVSS 5.0fixed in fail2ban 0.8.11-1 (bookworm)2013
CVE-2013-7177 [MEDIUM] CVE-2013-7177: fail2ban - config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.... config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression. Scope: local bookworm: resolved (fixed in 0.8.11-1) bullseye: resolved (fixed in 0.8.11-1) forky: resolved (fixed in 0.8.11-
debian
CVE-2013-2178MEDIUMCVSS 5.0fixed in fail2ban 0.8.10-1 (bookworm)2013
CVE-2013-2178 [MEDIUM] CVE-2013-2178: fail2ban - The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overf... The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request. Scope: local bookworm: resolved (fixed in 0.8.10-1) bullseye: resolved (fixed in 0.8.10-1) forky: resolved (f
debian
CVE-2012-5642LOWCVSS 7.5fixed in fail2ban 0.8.6-3wheezy1 (bookworm)2012
CVE-2012-5642 [HIGH] CVE-2012-5642: fail2ban - server/action.py in Fail2ban before 0.8.8 does not properly handle the content o... server/action.py in Fail2ban before 0.8.8 does not properly handle the content of the matches tag, which might allow remote attackers to trigger unsafe behavior in a custom action file via unspecified symbols in this content. Scope: local bookworm: resolved (fixed in 0.8.6-3wheezy1) bullseye: resolved (fixed in 0.8.6-3wheezy1) forky: resolved (fixed in 0.8.6-3wheezy1
debian
CVE-2009-5023LOWCVSS 4.7fixed in fail2ban 0.8.4+svn20110323-1 (bookworm)2009
CVE-2009-5023 [MEDIUM] CVE-2009-5023: fail2ban - The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf, and (4) my... The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf, and (4) mynetwatchman.conf actions in action.d/ in Fail2ban before 0.8.5 allows local users to write to arbitrary files via a symlink attack on temporary files with predictable names, as demonstrated by /tmp/fail2ban-mail.txt. Scope: local bookworm: resolved (fixed in 0.8.4+svn20110323-1) bullsey
debian
CVE-2009-0362LOWCVSS 6.8fixed in fail2ban 0.8.3-2sid1 (bookworm)2009
CVE-2009-0362 [MEDIUM] CVE-2009-0362: fail2ban - filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that... filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service (forced authentication failures) via a crafted reverse-resolved DNS name (rhost) entry that contains a substring that is interpreted as an IP address, a different vulnerability than CVE-2007-4321. Scope: local bookworm: resolved (fix
debian
CVE-2007-4321MEDIUMCVSS 5.0PoCfixed in fail2ban 0.8.0-4 (bookworm)2007
CVE-2007-4321 [MEDIUM] CVE-2007-4321: fail2ban - fail2ban 0.8 and earlier does not properly parse sshd log files, which allows re... fail2ban 0.8 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector
debian
CVE-2006-6302LOWCVSS 5.02006
CVE-2006-6302 [MEDIUM] CVE-2006-6302: fail2ban - fail2ban 0.7.4 and earlier does not properly parse sshd log files, which allows ... fail2ban 0.7.4 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containing certain strings with an IP address. Scope: local bookworm: resolved
debian