* Anchored sshd and vsftpd failregex at the end of line to prevent DoS on

those services, which is related to CVE-2007-4321 and closed in sid 438187.
2007-11-07 01:17:16 -05:00 · 2007-11-07 01:17:16 -05:00 · 143e53a764
parent 398ae233b5
commit 143e53a764
3 changed files with 36 additions and 1 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -1,4 +1,4 @@
-fail2ban (0.7.5-2etch1~pre3) stable-security; urgency=low
+fail2ban (0.7.5-2etch1~pre4) stable-security; urgency=low

  * NOT RELEASED YET
  * Propagated fix for asctime pattern from 0.7.8 release (closes: #421848)
@ -12,6 +12,9 @@ fail2ban (0.7.5-2etch1~pre3) stable-security; urgency=low
    possible DoS
  * Rigid call to python2.4 instead of via /usr/bin/env to prevent
    in-the-middle attack via environment poisoning
+  * Anchored sshd and vsftpd failregex at the end of line to prevent DoS on
+    those services, which is related to CVE-2007-4321 and closed in sid
+    438187.

 -- Yaroslav Halchenko <debian@onerussian.com>  Tue, 01 May 2007 22:18:03 -0400

--- a/debian/patches/00_stronger_failregex.dpatch
+++ b/debian/patches/00_stronger_failregex.dpatch
@ -0,0 +1,31 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 00_stronger_failregex.dpatch by Yaroslav Halchenko <debian@onerussian.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad fail2ban~/config/filter.d/sshd.conf fail2ban/config/filter.d/sshd.conf
+--- fail2ban~/config/filter.d/sshd.conf	2007-11-06 17:57:04.000000000 -0500
+++ fail2ban/config/filter.d/sshd.conf	2007-11-07 01:04:17.000000000 -0500
+@@ -13,7 +13,7 @@
+ #          be used for standard IP/hostname matching.
+ # Values:  TEXT
+ #
+-failregex = (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>
+failregex = (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>(?: port \d*)?(?: ssh\d*)\s*$
+ 
+ # Option:  ignoreregex
+ # Notes.:  regex to ignore. If this regex matches, the line is ignored.
+diff -urNad fail2ban~/config/filter.d/vsftpd.conf fail2ban/config/filter.d/vsftpd.conf
+--- fail2ban~/config/filter.d/vsftpd.conf	2007-11-06 17:57:04.000000000 -0500
+++ fail2ban/config/filter.d/vsftpd.conf	2007-11-07 01:06:31.000000000 -0500
+@@ -13,7 +13,7 @@
+ #          be used for standard IP/hostname matching.
+ # Values: TEXT
+ #
+-failregex = vsftpd: \(pam_unix\) authentication failure; .* rhost=<HOST>
+failregex = vsftpd: \(pam_unix\) authentication failure; .* rhost=<HOST>\s*$
+ 
+ # Option:  ignoreregex
+ # Notes.:  regex to ignore. If this regex matches, the line is ignored.
--- a/debian/patches/00list
+++ b/debian/patches/00list
@ -10,3 +10,4 @@ X00_rigid_python24
 s00_asctime-0.7.8
 00_hostsdeny
 X00_rigid_usrbinpython
+00_stronger_failregex