Mandriva Linux Security Advisory : fail2ban (MDVSA-2013:078)

High Nessus Plugin ID 66092


The remote Mandriva Linux host is missing a security update.


Updated fail2ban package fixes a security vulnerability:

fail2ban before 0.8.8 did not escape the content of \<matches\> (if used in custom action files). Because that content is taken from the log files fail2ban scans and could contain arbitrary symbols, this could cause issues on the system running fail2ban, depending on what content is matched (CVE-2012-5642).


Update the affected fail2ban package.

Plugin Details

Severity: High

ID: 66092

File Name: mandriva_MDVSA-2013-078.nasl

Version: $Revision: 1.4 $

Type: local

Published: 2013/04/20

Modified: 2016/05/17

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:fail2ban, cpe:/o:mandriva:business_server:1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/04/09

Reference Information

CVE: CVE-2012-5642

BID: 56963

MDVSA: 2013:078

MGASA: 2012-0372