Oval Definition:	oval:org.opensuse.security:def:202132749
Revision Date: 2022-06-30 Version: 1 Title: CVE-2021-32749 Description: fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to possible remote code execution in the mailing action mail-whois. Command `mail` from mailutils package used in mail actions like `mail-whois` can execute command if unescaped sequences (`\n~`) are available in "foreign" input (for instance in whois output). To exploit the vulnerability, an attacker would need to insert malicious characters into the response sent by the whois server, either via a MITM attack or by taking over a whois server. The issue is patched in versions 0.10.7 and 0.11.3. As a workaround, one may avoid the usage of action `mail-whois` or patch the vulnerability manually. Family: unix Class: vulnerability Status: Reference(s): Mitre CVE-2021-32749 SUSE CVE-2021-32749 openSUSE-SU-2021:1274-1 Platform(s): openSUSE Leap 15.2 openSUSE Leap 15.3 openSUSE Tumbleweed SUSE Linux Enterprise High Performance Computing 15 SP1 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP3 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Package Hub for SUSE Linux Enterprise 15 SP1 SUSE Package Hub for SUSE Linux Enterprise 15 SP2 SUSE Package Hub for SUSE Linux Enterprise 15 SP3 Product(s): Definition Synopsis openSUSE Tumbleweed is installed AND Package Information fail2ban-0.11.2-3.1 is installed OR monitoring-plugins-fail2ban-0.11.2-3.1 is installed Definition Synopsis SUSE Package Hub for SUSE Linux Enterprise 15 SP1 is installed AND Package Information fail2ban-0.11.2-bp151.3.3.1 is installed OR monitoring-plugins-fail2ban-0.11.2-bp151.3.3.1 is installed Definition Synopsis SUSE Package Hub for SUSE Linux Enterprise 15 SP2 is installed AND Package Information fail2ban-0.11.2-bp152.4.3.1 is installed OR monitoring-plugins-fail2ban-0.11.2-bp152.4.3.1 is installed Definition Synopsis Release Information SUSE Package Hub for SUSE Linux Enterprise 15 SP3 is installed AND fail2ban-0.11.2-bp153.2.3.1 is installed OR monitoring-plugins-fail2ban-0.11.2-bp153.2.3.1 is installed OR Package Information SUSE Package Hub for SUSE Linux Enterprise 15 SP1 is installed AND fail2ban-0.11.2-bp151.3.3.1 is installed OR monitoring-plugins-fail2ban-0.11.2-bp151.3.3.1 is installed OR Package Information SUSE Package Hub for SUSE Linux Enterprise 15 SP2 is installed AND fail2ban-0.11.2-bp152.4.3.1 is installed OR monitoring-plugins-fail2ban-0.11.2-bp152.4.3.1 is installed Definition Synopsis openSUSE Leap 15.2 is installed AND Package Information fail2ban-0.11.2-lp152.3.3.1 is installed AND fail2ban is signed with openSUSE key OR monitoring-plugins-fail2ban-0.11.2-lp152.3.3.1 is installed AND monitoring-plugins-fail2ban is signed with openSUSE key Definition Synopsis openSUSE Leap 15.3 is installed AND Package Information fail2ban-0.11.2-bp153.2.3.1 is installed AND fail2ban is signed with openSUSE key OR monitoring-plugins-fail2ban-0.11.2-bp153.2.3.1 is installed AND monitoring-plugins-fail2ban is signed with openSUSE key
BACK