Vulnerability Note VU#686662
Fail2ban postfix and cyrus-imap filters contain denial-of-service vulnerabilities
Fail2ban versions prior to 0.8.11 are susceptible to a denial-of-service attack when a maliciously crafted email address is parsed by the postfix or cyrus-imap filters. If users have not deployed either of these filters then they are not affected.
Fail2ban versions prior to 0.8.11 are susceptible to a denial-of-service attack when a maliciously crafted email address is parsed by the postfix or cyrus-imap filters. An attacker can cause arbitrary IP addresses to be blocked by fail2ban.
A remote unauthenticated attacker may cause arbitrary IP addresses to be blocked by Fail2ban causing legitimate users to be blocked from accessing services protected by Fail2ban.
Apply an Update
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Fail2ban||Affected||-||23 Jan 2014|
CVSS Metrics (Learn More)
Thanks to Steven Hiscocks for reporting this vulnerability.
This document was written by Jared Allar.
- CVE IDs: CVE-2013-7176 CVE-2013-7177
- Date Public: 20 Jan 2014
- Date First Published: 28 Jan 2014
- Date Last Updated: 28 Jan 2014
- Document Revision: 13
If you have feedback, comments, or additional information about this vulnerability, please send us email.