Mandriva Linux Security Advisory : fail2ban (MDVSA-2013:191)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing a security update.

Description :

Updated fail2ban packages fix CVE-2013-2178

Krzysztof Katowicz-Kowalewski discovered a vulnerability in Fail2ban,
a log monitoring and system which can act on attack by preventing
hosts to connect to specified services using the local firewall.

When using Fail2ban to monitor Apache logs, improper input validation
in log parsing could enable a remote attacker to trigger an IP ban on
arbitrary addresses, thus causing a denial of service (CVE-2013-2178).

See also :

http://advisories.mageia.org/MGASA-2013-0192.html

Solution :

Update the affected fail2ban package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.9
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 67136 ()

Bugtraq ID: 60467

CVE ID: CVE-2013-2178

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now