CVE-2021-32749 - log

CVE-2021-32749 edited at 17 Jul 2021 10:26:20
Description
- A security issue has been found in fail2ban before version 0.11.3. The "mail" command from the mailutils package used in mail actions like mail-whois can execute commands if unescaped sequences (\n~) are available in "foreign" input (for instance in whois output).
+ In fail2ban up to version 0.11.2, there is a vulnerability that leads to possible remote code execution in the mailing action "mail-whois". The "mail" command from the mailutils package used in mail actions like "mail-whois" can execute arbitrary commands if unescaped sequences (`\n~`) are available in "foreign" input (for instance in whois output). To exploit the vulnerability, an attacker would need to insert malicious characters into the response sent by the whois server, either via a man-in-the-middle (MITM) attack or by taking over a whois server.
CVE-2021-32749 edited at 16 Jul 2021 14:35:33
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary command execution
Description
+ A security issue has been found in fail2ban before version 0.11.3. The "mail" command from the mailutils package used in mail actions like mail-whois can execute commands if unescaped sequences (\n~) are available in "foreign" input (for instance in whois output).
References
+ https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm
+ https://github.com/fail2ban/fail2ban/commit/410a6ce5c80dd981c22752da034f2529b5eee844
Notes
+ Workaround
+ ==========
+
+ The way for users to fix or remediate the vulnerability without upgrading would be to avoid the usage of action mail-whois or to patch it manually.
CVE-2021-32749 created at 16 Jul 2021 14:33:08
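
The description above turns on lines of "foreign" text that begin with `~` reaching the `mail` command. The following is an added example, not fail2ban's code or its upstream patch: a filter that flags and neutralizes such lines before text is handed to a mailer. The function names and the sample whois text are hypothetical, and it assumes the mailer treats `~` as an escape only at the start of a line.

```python
import re

# CRLF and lone CR are treated as line breaks too, so a "~" cannot
# hide behind a non-LF line ending.
_LINE_BREAKS = re.compile(r"\r\n?|\n")


def find_tilde_lines(text: str) -> list:
    """Return the 1-based numbers of lines that begin with '~'."""
    lines = _LINE_BREAKS.split(text)
    return [n for n, line in enumerate(lines, 1) if line.startswith("~")]


def neutralize_tilde_lines(text: str) -> str:
    """Normalize line breaks to LF and indent every line that starts
    with '~' by one space, so no line begins with the escape character."""
    lines = _LINE_BREAKS.split(text)
    return "\n".join(" " + line if line.startswith("~") else line
                     for line in lines)


# Constructed sample standing in for untrusted whois output.
SAMPLE_WHOIS = (
    "inetnum: 192.0.2.0 - 192.0.2.255\r\n"
    "descr: a ~ in the middle of a line is not an escape\n"
    "~ constructed line that begins with a tilde\r"
    "~ another one, placed after a lone CR\n"
    "country: ZZ\n"
)

if __name__ == "__main__":
    print("lines starting with '~':", find_tilde_lines(SAMPLE_WHOIS))
    print(neutralize_tilde_lines(SAMPLE_WHOIS))
```

Logging the result of `find_tilde_lines` before neutralizing gives a detection signal: a whois response that contains such lines is worth investigating on its own.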