Local File Write Vulnerability in Fail2ban by Configurable Actions
CVE-2009-5023

Currently unrated

Key Information:

Vendor: Fail2ban

Status
Vendor
CVE Published: 10 June 2014

What is CVE-2009-5023?

Fail2ban versions prior to 0.8.5 can be exploited by local users through a symlink attack on predictable temporary files. Specifically, action configurations such as dshield.conf, mail-buffered.conf, and mynetwatchman.conf in the action.d directory permit unauthorized writes to arbitrary files. The vulnerability arises from inadequate sanitization of file paths, which lets attackers manipulate system behavior by creating symbolic links that redirect file write operations.
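An added example, not Fail2ban's own code: the predictable-temporary-file pattern described above beside a hardened writer, run entirely inside a throwaway sandbox directory. The file names, the sample ban line and the function names are constructed for illustration.

```python
import errno
import os
import stat
import tempfile


def unsafe_append(path, line):
    """Pattern behind the bug: append to a fixed name, following any symlink."""
    with open(path, "a") as fh:
        fh.write(line)


def safe_append(path, line):
    """Hardened form: refuse symlinks and anything that is not our own regular file."""
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)  # fails with ELOOP if the last component is a symlink
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode) or st.st_uid != os.geteuid() or st.st_nlink != 1:
            raise OSError(errno.EPERM, "unexpected file at buffer path", path)
        os.write(fd, line.encode())
    finally:
        os.close(fd)


def demo():
    """Run both writers against a pre-created symlink inside a private sandbox."""
    sandbox = tempfile.mkdtemp(prefix="tmpfile-demo-")
    protected = os.path.join(sandbox, "protected.conf")   # constructed stand-in target
    buffer_path = os.path.join(sandbox, "action-buffer")  # constructed predictable name
    with open(protected, "w") as fh:
        fh.write("original\n")
    os.symlink(protected, buffer_path)  # the link another local user could pre-create

    unsafe_append(buffer_path, "ban 192.0.2.10\n")
    with open(protected) as fh:
        clobbered = fh.read() != "original\n"

    try:
        safe_append(buffer_path, "ban 192.0.2.10\n")
        refused = False
    except OSError as exc:
        refused = exc.errno in (errno.ELOOP, errno.EMLINK)
    return clobbered, refused


if __name__ == "__main__":
    print(demo())
```

Keeping such buffer files in a directory that only the service account can write to removes the race altogether; the open-time checks are a second layer for paths that must stay in a shared location.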



Timeline

  • Vulnerability published

  • Vulnerability Reserved
