Denial of Service Vulnerability in fail2ban by Bastille Technologies
CVE-2007-4321

Currently unrated

Key Information:

Vendor

Fail2ban

Status
Fail2ban
Vendor
CVE Published:
14 August 2007

What is CVE-2007-4321?

The fail2ban product, specifically versions 0.8 and earlier, contains a vulnerability that arises from improper parsing of sshd log files. This oversight enables remote attackers to inject arbitrary hosts into the /etc/hosts.deny file, potentially leading to a denial of service condition. Malicious users can exploit this flaw by logging in via SSH using a client protocol version that includes a malicious IP address string. As a result, attackers can manipulate access controls on the targeted system, disrupting service availability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.debian.org/security/2008/dsa-1456
vendor-advisoryx_refsource_DEBIAN
http://secunia.com/advisories/23237
third-party-advisoryx_refsource_SECUNIA
http://osvdb.org/42484
vdb-entryx_refsource_OSVDB

EPSS Score

11% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.