Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2009-0362HistoryFeb 13, 2009 - 1:30 a.m.
CVE-2009-0362
2009-02-1301:30:00
Debian Security Bug Tracker
security-tracker.debian.org
7
fail2ban
filter.d/wuftpd.conf
vulnerability
denial of service
remote attackers
forced authentication
dns name
ip address
cve-2009-0362
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
0.19
Percentile
96.3%
filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service (forced authentication failures) via a crafted reverse-resolved DNS name (rhost) entry that contains a substring that is interpreted as an IP address, a different vulnerability than CVE-2007-4321.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | fail2ban | < 0.8.3-2sid1 | fail2ban_0.8.3-2sid1_all.deb |
| Debian | 11 | all | fail2ban | < 0.8.3-2sid1 | fail2ban_0.8.3-2sid1_all.deb |
| Debian | 999 | all | fail2ban | < 0.8.3-2sid1 | fail2ban_0.8.3-2sid1_all.deb |
| Debian | 13 | all | fail2ban | < 0.8.3-2sid1 | fail2ban_0.8.3-2sid1_all.deb |
Related
cve
cve
CVE-2009-0362
2009-02-13 01:30:00
CVE-2007-4321
2007-08-14 00:17:00
nvd
nvd
CVE-2009-0362
2009-02-13 01:30:00
CVE-2007-4321
2007-08-14 00:17:00
prion
prion
Authentication flaw
2009-02-13 01:30:00
Design/Logic Flaw
2007-08-14 00:17:00
cvelist
cvelist
CVE-2009-0362
2009-02-13 01:00:00
CVE-2007-4321
2007-08-14 00:00:00
ubuntucve
ubuntucve
CVE-2009-0362
2009-02-13 00:00:00
CVE-2007-4321
2007-08-14 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200707-13 (fail2ban)
2008-09-24 00:00:00
Fedora Core 9 FEDORA-2009-1736 (fail2ban)
2009-02-18 00:00:00
Fedora Core 9 FEDORA-2009-1736 (fail2ban)
2009-02-18 00:00:00
debian
debian
[SECURITY] [DSA 1456-1] New fail2ban packages fix denial of service
2008-01-09 22:02:37
nessus
nessus
Fedora 9 : fail2ban-0.8.3-18.fc9 (2009-1736)
2009-02-17 00:00:00
GLSA-200707-13 : Fail2ban: Denial of Service
2007-07-30 00:00:00
Fedora 10 : fail2ban-0.8.3-18.fc10 (2009-1737)
2009-04-23 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: fail2ban-0.8.3-18.fc10
2009-02-14 22:15:22
[SECURITY] Fedora 9 Update: fail2ban-0.8.3-18.fc9
2009-02-14 22:15:12
exploitdb
exploitdb
Fail2ban 0.8 - Remote Denial of Service
2007-07-28 00:00:00
gentoo
gentoo
Fail2ban: Denial of service
2007-07-28 00:00:00
osv
osv
fail2ban
2008-01-09 00:00:00
debiancve
debiancve
CVE-2007-4321
2007-08-14 00:17:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
0.19
Percentile
96.3%
Related for DEBIANCVE:CVE-2009-0362