Yaroslav, this is a quote from you in the Debian report: "This issue had been fixed in debian long ago see bug 330827 I think"
debian/changelog for the ubuntu package contains:

  fail2ban (0.5.4-5) unstable; urgency=low

    * Made failregex'es more specific to don't allow usernames to be used
      as a tool for denial of service attacks. Config files (or at least
      failregex'es) must be updated from this package, otherwise the
      security breach would remain open and only warning gets issued
      (closes: #330827)

Therefore, I wasn't sure whether it was fixed or not. Here are the versions we have, with the regex:

Dapper (0.6.0-3) has:

  failregex = (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>

Edgy (0.6.1-8) has:

  failregex = : (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) (?:::f{4,6}:)?(?P<host>\S*)

Feisty (0.7.6-3ubuntu1):

  failregex = (?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid))? user .*(?: from|FROM) <HOST>
              ROOT LOGIN REFUSED .* FROM <HOST>
              [iI](?:llegal|nvalid) user .* from <HOST>

Gutsy is 0.8.1-1 and Hardy 0.8.1-3. Dapper, Edgy, Gutsy, and Hardy are the debian packages of the same version. Feisty is 0.7.6-3, with a small change to debian/rules.

--
Denial of service through log injection in fail2ban
https://bugs.launchpad.net/bugs/121374