5

CVE-2013-7176

Exploit
config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fail2banFail2ban Version <= 0.8.10
Fail2banFail2ban Version0.1.0
Fail2banFail2ban Version0.1.1
Fail2banFail2ban Version0.1.2
Fail2banFail2ban Version0.3.0
Fail2banFail2ban Version0.3.1
Fail2banFail2ban Version0.4.0
Fail2banFail2ban Version0.4.1
Fail2banFail2ban Version0.5.0
Fail2banFail2ban Version0.5.1
Fail2banFail2ban Version0.5.2
Fail2banFail2ban Version0.5.3
Fail2banFail2ban Version0.5.4
Fail2banFail2ban Version0.5.5
Fail2banFail2ban Version0.6.0
Fail2banFail2ban Version0.6.1
Fail2banFail2ban Version0.7.0
Fail2banFail2ban Version0.7.1
Fail2banFail2ban Version0.7.2
Fail2banFail2ban Version0.7.3
Fail2banFail2ban Version0.7.4
Fail2banFail2ban Version0.7.5
Fail2banFail2ban Version0.7.6
Fail2banFail2ban Version0.7.7
Fail2banFail2ban Version0.7.8
Fail2banFail2ban Version0.7.9
Fail2banFail2ban Version0.8.0
Fail2banFail2ban Version0.8.1
Fail2banFail2ban Version0.8.2
Fail2banFail2ban Version0.8.3
Fail2banFail2ban Version0.8.4
Fail2banFail2ban Version0.8.5
Fail2banFail2ban Version0.8.6
Fail2banFail2ban Version0.8.7
Fail2banFail2ban Version0.8.7.1
Fail2banFail2ban Version0.8.8
Fail2banFail2ban Version0.8.9
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.24% 0.866
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-updates/2014-03/msg00021.html
http://www.debian.org/security/2014/dsa-2979
http://www.kb.cert.org/vuls/id/686662
US Government Resource
https://github.com/fail2ban/fail2ban/commit/eb2f0c927257120dfc32d2450fd63f1962f38821
Patch
Exploit