Vulnerability Note VU#686662

Fail2ban postfix and cyrus-imap filters contain denial-of-service vulnerabilities

Original Release date: 28 Jan 2014 | Last revised: 28 Jan 2014

Overview

Fail2ban versions prior to 0.8.11 are susceptible to a denial-of-service attack when a maliciously crafted email address is parsed by the postfix or cyrus-imap filters. Installations that have not deployed either of these filters are not affected.

Description

Fail2ban versions prior to 0.8.11 are susceptible to a denial-of-service attack when a maliciously crafted email address is parsed by the postfix or cyrus-imap filters. An attacker can cause arbitrary IP addresses to be blocked by fail2ban.

CVE-2013-7177: cyrus-imap
https://github.com/fail2ban/fail2ban/commit/bd175f026737d66e7110868fb50b3760ff75e087

CVE-2013-7176: postfix
https://github.com/fail2ban/fail2ban/commit/eb2f0c927257120dfc32d2450fd63f1962f38821
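
The following is an added illustration of the defect class, not fail2ban's own filter definitions (those are in the commits linked above): a `<HOST>` capture preceded by an unanchored greedy pattern can be satisfied by client-controlled text logged later on the same line, so the address handed to the ban action is one the attacker chose; the hardened form anchors the capture to the daemon's fixed log prefix and constrains the field to an IP literal. The log line format, the two regexes and the sample lines are assumptions constructed for this demonstration.

```python
import re

# Simplified stand-in for a fail2ban "<HOST>" capture; an assumption for this
# demonstration, not fail2ban's own definition.
HOST = r"(?P<host>[\w\-.]+)"

# Weak filter: the unanchored, greedy ".*" before "[<HOST>]" is satisfied by
# the LAST bracketed token on the line, so text the client controls (the login
# name, logged after the real peer address) can supply the "host" that is banned.
WEAK_FAILREGEX = re.compile(
    r"badlogin: .*\[" + HOST + r"\] .*authentication failure")

# Hardened filter: anchored to the daemon's fixed log prefix, with the host taken
# from the single position where the daemon writes the peer address and constrained
# to an IPv4 literal. Later fields are single tokens (\S+), so bracketed text in
# the login name can no longer reach the capture.
STRICT_HOST = r"(?P<host>(?:\d{1,3}\.){3}\d{1,3})"
STRICT_FAILREGEX = re.compile(
    r"^\w+ +\d+ [\d:]+ \S+ imap\[\d+\]: badlogin: \S+ \[" + STRICT_HOST
    + r"\] \S+ \S+ SASL\(-13\): authentication failure")


def extract_host(pattern, line):
    """Return the address a filter would hand to the ban action, or None."""
    m = pattern.search(line)
    return m.group("host") if m else None


def hosts_to_ban(pattern, lines):
    """Addresses a filter would ban for a batch of log lines (order kept)."""
    return [h for h in (extract_host(pattern, l) for l in lines) if h]


# Constructed sample log lines in an assumed cyrus-imap syslog format; the real
# peer address is 198.51.100.7 on both. The second line's login name is chosen
# to look like a bracketed address.
LOG_LINES = [
    "Jan 20 10:00:01 mail imap[4242]: badlogin: client.example [198.51.100.7] "
    "plaintext bob SASL(-13): authentication failure",
    "Jan 20 10:00:02 mail imap[4242]: badlogin: client.example [198.51.100.7] "
    "plaintext x[203.0.113.5] SASL(-13): authentication failure",
]

if __name__ == "__main__":
    print("weak  :", hosts_to_ban(WEAK_FAILREGEX, LOG_LINES))
    print("strict:", hosts_to_ban(STRICT_FAILREGEX, LOG_LINES))
```

With the weak filter the second line bans 203.0.113.5, an address that never connected; the hardened filter bans the real peer on both lines.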

Impact

A remote, unauthenticated attacker may cause arbitrary IP addresses to be blocked by Fail2ban, denying legitimate users access to the services Fail2ban protects.

Solution

Apply an Update

Fail2ban 0.8.11 addresses these vulnerabilities. Users are advised to upgrade to Fail2ban 0.8.11 or later.

Vendor Information

Vendor     Status     Date Notified   Date Updated
Fail2ban   Affected   -               23 Jan 2014

CVSS Metrics

Group          Score   Vector
Base           7.8     AV:N/AC:L/Au:N/C:N/I:N/A:C
Temporal       6.4     E:F/RL:OF/RC:C
Environmental  4.8     CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

Credit

Thanks to Steven Hiscocks for reporting these vulnerabilities.

This document was written by Jared Allar.

Other Information

  • CVE IDs: CVE-2013-7176 CVE-2013-7177
  • Date Public: 20 Jan 2014
  • Date First Published: 28 Jan 2014
  • Date Last Updated: 28 Jan 2014
  • Document Revision: 13