Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.5
CVE Id: CVE-2012-5642
Last Modified: 05 Dec 2013 12:20:35
Published: 31 Dec 2012 06:50:27
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-5642

Summary

server/action.py in Fail2ban before 0.8.8 does not properly handle the content of the matches tag, which might allow remote attackers to trigger unsafe behavior in a custom action file via unspecified symbols in this content.

Vulnerable Systems

Application

  • Fail2ban 0.1.0

  • Fail2ban 0.1.1

  • Fail2ban 0.1.2

  • Fail2ban 0.3.0

  • Fail2ban 0.3.1

  • Fail2ban 0.4.0

  • Fail2ban 0.4.1

  • Fail2ban 0.5.0

  • Fail2ban 0.5.1

  • Fail2ban 0.5.2

  • Fail2ban 0.5.3

  • Fail2ban 0.5.4

  • Fail2ban 0.5.5

  • Fail2ban 0.6.0

  • Fail2ban 0.6.1

  • Fail2ban 0.7.0

  • Fail2ban 0.7.1

  • Fail2ban 0.7.2

  • Fail2ban 0.7.3

  • Fail2ban 0.7.4

  • Fail2ban 0.7.5

  • Fail2ban 0.7.6

  • Fail2ban 0.7.7

  • Fail2ban 0.7.8

  • Fail2ban 0.7.9

  • Fail2ban 0.8.0

  • Fail2ban 0.8.1

  • Fail2ban 0.8.2

  • Fail2ban 0.8.3

  • Fail2ban 0.8.4

  • Fail2ban 0.8.5

  • Fail2ban 0.8.6

  • Fail2ban 0.8.7

  • Fail2ban 0.8.7.1


References

CONFIRM - https://github.com/fail2ban/fail2ban/commit/83109bc

CONFIRM - https://raw.github.com/fail2ban/fail2ban/master/ChangeLog

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=887914

CONFIRM - https://bugs.gentoo.org/show_bug.cgi?id=447572

MLIST - [oss-security] 20121217 Re: CVE request: fail2ban 0.8.8 fixes an input variable quoting flaw on content

MLIST - [fail2ban-users] 20121206 0.8.8 release

SUSE - openSUSE-SU-2013:0567

SUSE - openSUSE-SU-2013:0566

MANDRIVA - MDVSA-2013:078


Last Updated: 27 May 2016 11:01:30