** Description changed:

  Binary package hint: fail2ban

  According to CVE 2006-6302 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6302) fail2ban 0.6.1 and below is vulnerable to log injection techniques, which can lead to the wrong IP address being banned. This can result in denial of service.

  Ubuntu 6.06 (Dapper) uses fail2ban-0.6.0-3.deb
- Ubuntu 6.10 (Edgy) uses 0.6.1-8.deb
+ Ubuntu 6.10 (Edgy) uses fail2ban-0.6.1-8.deb

  Both are still vulnerable.

  There is a very similar vulnerability reported here: http://www.ossec.net/en/attacking-loganalysis.html#fail2ban
  However, I am unsure whether this is specific to fail2ban version 0.8

--
Denial of service through log injection in fail2ban
https://bugs.launchpad.net/bugs/121374