Mandriva Linux Security Advisory : fail2ban (MDVSA-2013:078)

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing a security update.

Description :

Updated fail2ban package fixes security vulnerability :

fail2ban before 0.8.8 didn't escape the content of \<matches\> (if
used in custom action files), which could cause issues on the system
running fail2ban as it scans log files, depending on what content is
matched, since that content could contain arbitrary symbols
(CVE-2012-5642).

Solution :

Update the affected fail2ban package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 66092 ()

Bugtraq ID: 56963

CVE ID: CVE-2012-5642

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now