| Vulnerability Name: | CVE-2021-32749 (CCN-205645) |
| Assigned: | 2021-07-16 |
| Published: | 2021-07-16 |
| Updated: | 2021-11-28 |
| Summary: | fail2ban is a daemon that bans hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to possible remote code execution in the mailing action `mail-whois`. The `mail` command from the mailutils package, used in mail actions like `mail-whois`, can execute commands if unescaped sequences (`\n~`) are present in "foreign" input (for instance, in whois output). To exploit the vulnerability, an attacker would need to insert malicious characters into the response sent by the whois server, either via a MITM attack or by taking over a whois server. The issue is patched in versions 0.10.7 and 0.11.3. As a workaround, one may avoid using the action `mail-whois` or patch the vulnerability manually. |
| CVSS v3 Severity: | 8.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H); 7.1 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C); 8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C) |
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P) |
| Vulnerability Type: | CWE-78 |
| Vulnerability Consequences: | Gain Access |
| References: | Source: MITRE, Type: CNA, CVE-2021-32749; Source: XF, Type: UNKNOWN, fail2ban-cve202132749-code-exec(205645); Source: MISC, Type: Patch, Third Party Advisory, https://github.com/fail2ban/fail2ban/commit/2ed414ed09b3bb4c478abc9366a1ff22024a33c9; Source: MISC, Type: Patch, Third Party Advisory, https://github.com/fail2ban/fail2ban/commit/410a6ce5c80dd981c22752da034f2529b5eee844; Source: CCN, Type: fail2ban GIT Repository, Possible RCE vulnerability in mailing action using mailutils (mail-whois); Source: CONFIRM, Type: Exploit, Patch, Third Party Advisory, https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm; Source: FEDORA, Type: Mailing List, Third Party Advisory, FEDORA-2021-0ab8f6a19a; Source: FEDORA, Type: Mailing List, Third Party Advisory, FEDORA-2021-a18b79d182 |