Vulnerabilities > CVE-2006-6302 - Remote Denial of Service vulnerability in Fail2Ban

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

fail2ban

nessus

NVD

Published: 2006-12-06

Updated: 2017-07-29

Summary

fail2ban 0.7.4 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containing certain strings with an IP address.

Vulnerable Configurations

Part	Description	Count
Application	Fail2Ban Fail2Ban Fail2Ban 0.1.0 Fail2Ban Fail2Ban 0.1.1 Fail2Ban Fail2Ban 0.1.2 Fail2Ban Fail2Ban 0.3.0 Fail2Ban Fail2Ban 0.3.1 Fail2Ban Fail2Ban 0.4.0 Fail2Ban Fail2Ban 0.4.1 Fail2Ban Fail2Ban 0.5.0 Fail2Ban Fail2Ban 0.5.1 Fail2Ban Fail2Ban 0.5.2 Fail2Ban Fail2Ban 0.5.3 Fail2Ban Fail2Ban 0.5.4 Fail2Ban Fail2Ban 0.5.5 Fail2Ban Fail2Ban 0.6.0 Fail2Ban Fail2Ban 0.6.1 Fail2Ban Fail2Ban 0.7.0 Fail2Ban Fail2Ban 0.7.1 Fail2Ban Fail2Ban 0.7.2 Fail2Ban Fail2Ban 0.7.3 Fail2Ban Fail2Ban 0.7.4	20

Nessus

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200702-05.NASL
description	The remote host is affected by the vulnerability described in GLSA-200702-05 (Fail2ban: Denial of Service) A flaw in the method used to parse log entries allows remote, unauthenticated attackers to forge authentication attempts from other hosts. Impact : A remote attacker can add arbitrary hosts to the block list, denying legitimate users access to a resource. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	24362
published	2007-02-17
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/24362
title	GLSA-200702-05 : Fail2ban: Denial of Service
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200702-05. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(24362); script_version("1.13"); script_cvs_date("Date: 2019/08/02 13:32:43"); script_cve_id("CVE-2006-6302"); script_xref(name:"GLSA", value:"200702-05"); script_name(english:"GLSA-200702-05 : Fail2ban: Denial of Service"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200702-05 (Fail2ban: Denial of Service) A flaw in the method used to parse log entries allows remote, unauthenticated attackers to forge authentication attempts from other hosts. Impact : A remote attacker can add arbitrary hosts to the block list, denying legitimate users access to a resource. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200702-05" ); script_set_attribute( attribute:"solution", value: "All Fail2ban users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-analyzer/fail2ban-0.6.2'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:fail2ban"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2007/02/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/17"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/12/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"net-analyzer/fail2ban", unaffected:make_list("ge 0.6.2"), vulnerable:make_list("lt 0.6.2"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Fail2ban"); }

Summary

Vulnerable Configurations

Nessus

References