Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0362

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2009-0362
Last Modified 13 Feb 2009 12:00:00
Published 12 Feb 2009 08:30:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2009-0362

Summary

filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service (forced authentication failures) via a crafted reverse-resolved DNS name (rhost) entry that contains a substring that is interpreted as an IP address, a different vulnerability than CVE-2007-4321.

Vulnerable Systems

Application

  • Fail2ban 0.8.3


References

BID - 33734

SECUNIA - 33890

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514163


Last Updated: 27 May 2016 10:50:12