Ubuntu
fail2ban package

[fail2ban] [CVE-2007-4321] DoS vulnerability

Bug #181722 reported by disabled.user
256
Affects Status Importance Assigned to Milestone
fail2ban (Ubuntu)
Fix Released
Undecided
Unassigned
Dapper
Won't Fix
Undecided
Unassigned
Edgy
Won't Fix
Undecided
Unassigned
Feisty
Won't Fix
Undecided
Unassigned
Gutsy
Fix Released
Undecided
Unassigned
Hardy
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: fail2ban

References:
DSA-1456-1 (http://www.debian.org/security/2008/dsa-1456)

Quoting:
"Daniel B. Cid discovered that fail2ban, a tool to block IP addresses
that cause login failures, is too liberal about parsing SSH log files,
allowing an attacker to block any IP address."

CVE References

William Grant (wgrant)
Changed in fail2ban:
status: New → Fix Released
status: New → Fix Released
Revision history for this message
Hew (hew) wrote :

Ubuntu Edgy Eft is no longer supported, so a SRU will not be issued for this release. Marking Edgy as Won't Fix.

Changed in fail2ban:
status: New → Won't Fix
Revision history for this message
Hew (hew) wrote :

Ubuntu Feisty Fawn is no longer supported, so a SRU will not be issued for this release. Marking Feisty as Won't Fix.

Changed in fail2ban:
status: New → Won't Fix
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. dapper has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against dapper is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.

Please feel free to report any other bugs you may find.

Changed in fail2ban (Ubuntu Dapper):
status: New → Won't Fix
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.