Vigil@nce - Fail2Ban: file corruption
May 2011 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A local attacker can create a symbolic link in place of a temporary
file, in order to force Fail2Ban to corrupt a file with root privileges.
Severity: 2/4
Creation date: 02/05/2011
IMPACTED PRODUCTS
– Fedora
– Unix - platform
DESCRIPTION OF THE VULNERABILITY
The Fail2Ban program analyzes the logs of daemons such as sshd and
ftpd in order to block intrusion attempts.
During its operation, Fail2Ban uses several temporary files:
/tmp/fail2ban-dshield
/tmp/fail2ban-mail.txt
/tmp/fail2ban-mynetwatchman
/tmp/fail2ban.sock
/tmp/fail2ban.test
However, these file names are predictable, and they are located in a
publicly writable directory.
A local attacker can therefore create a symbolic link in place of a
temporary file before Fail2Ban creates it, in order to force Fail2Ban
to corrupt the file the link points to, with root privileges.
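As an added example (not part of the Vigil@nce bulletin or of Fail2Ban's own code), the Python sketch below audits the file names listed above for pre-planted symbolic links or unexpected owners, and shows two symlink-safe ways to create a temporary file. The function names and the tmpdir and trusted_uid parameters are assumptions made for illustration.

```python
import os
import stat
import tempfile

# File names listed in the bulletin; the directory is a parameter so the
# check can also be run against a scratch directory.
PREDICTABLE_NAMES = [
    "fail2ban-dshield",
    "fail2ban-mail.txt",
    "fail2ban-mynetwatchman",
    "fail2ban.sock",
    "fail2ban.test",
]


def audit_tmp_paths(tmpdir="/tmp", trusted_uid=0):
    """Return (path, reason) for each listed name that looks pre-planted."""
    findings = []
    for name in PREDICTABLE_NAMES:
        path = os.path.join(tmpdir, name)
        try:
            st = os.lstat(path)  # lstat inspects the link itself, not its target
        except FileNotFoundError:
            continue
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "symlink -> " + os.readlink(path)))
        elif st.st_uid != trusted_uid:
            findings.append((path, "owned by uid %d" % st.st_uid))
    return findings


def create_exclusive(path, data):
    """Create path only if nothing is there; never follow a symlink."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)  # FileExistsError if a link was planted
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)


def create_private(data, prefix="fail2ban-"):
    """Unpredictable name chosen by mkstemp (created with O_EXCL, mode 0600)."""
    fd, path = tempfile.mkstemp(prefix=prefix)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path
```

A non-empty result from audit_tmp_paths() on a host where Fail2Ban runs as root is worth investigating before the service next writes to those paths.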
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Fail2Ban-file-corruption-10610