0.8.0-2 is still affected. Either upcoming -3 or 0.8.1 should fix the problem.

On Thu, 21 Jun 2007, Chris Fryer wrote:

> ** Description changed:
>
> Binary package hint: fail2ban
>
> According to CVE 2006-6302
> (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6302) fail2ban 0.6.1 and
> below is vulnerable to log injection techniques, which can lead to the
> wrong IP address being banned. This can result in denial of service.
>
> Ubuntu 6.06 (Dapper) uses fail2ban-0.6.0-3.deb
> - Ubuntu 6.10 (Edgy) uses 0.6.1-8.deb
> + Ubuntu 6.10 (Edgy) uses fail2ban-0.6.1-8.deb
>
> Both are still vulnerable.
>
> There is a very similar vulnerability reported here:
> http://www.ossec.net/en/attacking-loganalysis.html#fail2ban
>
> However, I am unsure whether this is specific to fail2ban version 0.8

--
Yaroslav Halchenko
Research Assistant, Psychology Department, Rutgers-Newark
Student Ph.D. @ CS Dept. NJIT
Office: (973) 353-5440x263 | FWD: 82823 | Fax: (973) 353-1171
101 Warren Str, Smith Hall, Rm 4-105, Newark NJ 07102
WWW: http://www.linkedin.com/in/yarik

--
Denial of service through log injection in fail2ban
https://bugs.launchpad.net/bugs/121374