CVE-2012-5642

Severity

75%

Complexity

99%

Confidentiality

106%

server/action.py in Fail2ban before 0.8.8 does not properly handle the content of the matches tag, which might allow remote attackers to trigger unsafe behavior in a custom action file via unspecified symbols in this content.

server/action.py in Fail2ban before 0.8.8 does not properly handle the content of the matches tag, which might allow remote attackers to trigger unsafe behavior in a custom action file via unspecified symbols in this content.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

Fail2Ban

First reported 12 years ago

2012-12-31 11:50:00

Last updated 11 years ago

2013-12-05 05:20:00

Affected Software

Fail2Ban 0.1.0

0.1.0

Fail2Ban 0.1.1

0.1.1

Fail2Ban 0.1.2

0.1.2

Fail2Ban 0.3.0

0.3.0

Fail2Ban 0.3.1

0.3.1

Fail2Ban 0.4.0

0.4.0

Fail2Ban 0.4.1

0.4.1

Fail2Ban 0.5.0

0.5.0

Fail2Ban 0.5.1

0.5.1

Fail2Ban 0.5.2

0.5.2

Fail2Ban 0.5.3

0.5.3

Fail2Ban 0.5.4

0.5.4

Fail2Ban 0.5.5

0.5.5

Fail2Ban 0.6.0

0.6.0

Fail2Ban 0.6.1

0.6.1

Fail2Ban 0.7.0

0.7.0

Fail2Ban 0.7.1

0.7.1

Fail2Ban 0.7.2

0.7.2

Fail2Ban 0.7.3

0.7.3

Fail2Ban 0.7.4

0.7.4

Fail2Ban 0.7.5

0.7.5

Fail2Ban 0.7.6

0.7.6

Fail2Ban 0.7.7

0.7.7

Fail2Ban 0.7.8

0.7.8

Fail2Ban 0.7.9

0.7.9

Fail2Ban 0.8.0

0.8.0

Fail2Ban 0.8.1

0.8.1

Fail2Ban 0.8.2

0.8.2

Fail2Ban 0.8.3

0.8.3

Fail2Ban 0.8.4

0.8.4

Fail2Ban 0.8.5

0.8.5

Fail2Ban 0.8.6

0.8.6

Fail2Ban 0.8.7

0.8.7

References

openSUSE-SU-2013:0566

openSUSE-SU-2013:0567

[fail2ban-users] 20121206 0.8.8 release

MDVSA-2013:078

[oss-security] 20121217 Re: CVE request: fail2ban 0.8.8 fixes an input variable quoting flaw on <matches> content

https://bugs.gentoo.org/show_bug.cgi?id=447572

https://bugzilla.redhat.com/show_bug.cgi?id=887914

https://github.com/fail2ban/fail2ban/commit/83109bc

Patch, Vendor Advisory

https://raw.github.com/fail2ban/fail2ban/master/ChangeLog

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.