Neat vuln in Fail2Ban.

gist.github.com/R-Security/1c7

Fail2Ban 0.11.2 contains a vulnerability that allows an attacker with the ability to influence logged input (e.g., authentication logs, service logs processed by Fail2Ban filters) to inject specially crafted patterns that lead to command execution within the Fail2Ban action processing pipeline.

Because Fail2Ban actions typically run with root privileges, this can result in privilege escalation, allowing an attacker to execute commands with elevated permissions.

The issue arises from insufficient sanitization of variables passed into action scripts under certain configurations, allowing malicious input to propagate into shell execution.

@cR0w c’mon, why isn’t this called fail2shell with a snazzy website?

@neilmadden @cR0w because anyone running a 5 year old fail2ban install has already been owned by something else. It's barely worth a CVE. I have no idea why these are issued for non-supported versions.

@falken @neilmadden @cR0w happy to bet you something that my five year old server has not been owned by this or something else

There is value in stability as long as there are patches.

And Ubuntu provides free security updates for personal servers through their ESM program.


@gnyman @neilmadden @cR0w my server is older than 5 years too. But it's on the Internet so I patch that shit.

@falken Yes, patching is required and ESM provides security patches.

Qoto Mastodon