CVE-2013-2178

Published: 28 August 2013

The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request.

Priority

Status

Package	Release	Status
fail2ban Launchpad, Ubuntu, Debian	lucid	Ignored (end of life)
	precise	Released (0.8.6-3wheezy2build0.12.04.1)
	quantal	Ignored (end of life)
	raring	Ignored (end of life)
	saucy	Not vulnerable (0.8.10-1)
	trusty	Not vulnerable (0.8.10-1)
	upstream	Released (0.8.10)

References

http://www.openwall.com/lists/oss-security/2013/06/13
https://vndh.net/note:fail2ban-089-denial-service
https://www.cve.org/CVERecord?id=CVE-2013-2178
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.