File fail2ban-0.8.4-CVE-2013-2178.patch of Package fail2ban

--- fail2ban-0.8.4/config/filter.d/apache-auth.conf.orig	2013-06-25 17:56:19.813033890 +0200
+++ fail2ban-0.8.4/config/filter.d/apache-auth.conf	2013-06-25 17:59:43.150657855 +0200
@@ -5,6 +5,12 @@
 # $Revision: 728 $
 #
 
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = apache-common.conf
+
 [Definition]
 
 # Option:  failregex
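Review bot: The comment added above `before = apache-common.conf` points readers at `common.local`, but the file included here is `apache-common.conf`, so the local override would presumably be `apache-common.local`. The wording looks carried over from a filter that includes `common.conf`. Suggest changing the second comment line to `# apache-common.local`. The same comment is added in the apache-noscript.conf and apache-overflows.conf hunks.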
@@ -14,9 +20,7 @@
 #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values:  TEXT
 #
-failregex = [[]client <HOST>[]] user .* authentication failure
-            [[]client <HOST>[]] user .* not found
-            [[]client <HOST>[]] user .* password mismatch
+failregex = ^%(_apache_error_client)s user .* (authentication failure|not found|password mismatch)\s*$
 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
--- fail2ban-0.8.4/config/filter.d/apache-common.conf.orig	2013-06-25 18:00:43.240182424 +0200
+++ fail2ban-0.8.4/config/filter.d/apache-common.conf	2013-06-25 18:01:18.308737714 +0200
@@ -0,0 +1,25 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision$
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failure messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+failregex = [[]client <HOST>[]] user .* authentication failure
+            [[]client <HOST>[]] user .* not found
+            [[]client <HOST>[]] user .* password mismatch
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex = 
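Review bot: The new apache-common.conf never defines `_apache_error_client`, which the rewritten failregex lines in apache-auth.conf, apache-noscript.conf and apache-overflows.conf interpolate as `%(_apache_error_client)s`. As added here, the file holds only a `[Definition]` section with the three old unanchored apache-auth patterns and an empty `ignoreregex`. Unless the option is defined somewhere outside this patch, the interpolation has nothing to resolve, so the three filters would presumably fail to load and the Apache jails would stop banning. The file should carry the shared prefix instead, for example a `[DEFAULT]` section with `_apache_error_client = \[[^]]+\] \[error\] \[client <HOST>\]`. The copied failregex block should be dropped, since it keeps the unanchored form this fix replaces in the tree.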
--- fail2ban-0.8.4/config/filter.d/apache-noscript.conf.orig	2013-06-25 18:02:55.473734692 +0200
+++ fail2ban-0.8.4/config/filter.d/apache-noscript.conf	2013-06-25 18:04:09.170698377 +0200
@@ -5,6 +5,12 @@
 # $Revision: 728 $
 #
 
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = apache-common.conf
+
 [Definition]
 
 # Option:  failregex
@@ -14,8 +20,8 @@
 #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values:  TEXT
 #
-failregex = [[]client <HOST>[]] (File does not exist|script not found or unable to stat): /\S*(\.php|\.asp|\.exe|\.pl)
-            [[]client <HOST>[]] script '/\S*(\.php|\.asp|\.exe|\.pl)\S*' not found or unable to stat *$
+failregex = ^%(_apache_error_client)s (File does not exist|script not found or unable to stat): /\S*(\.php|\.asp|\.exe|\.pl)\s*$
+            ^%(_apache_error_client)s script '/\S*(\.php|\.asp|\.exe|\.pl)\S*' not found or unable to stat\s*$
 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
--- fail2ban-0.8.4/config/filter.d/apache-overflows.conf.orig	2013-06-25 18:05:30.682339965 +0200
+++ fail2ban-0.8.4/config/filter.d/apache-overflows.conf	2013-06-25 18:06:59.124695843 +0200
@@ -5,13 +5,19 @@
 # $Revision: 668 $
 #
 
++[INCLUDES]
++
++# Read common prefixes. If any customizations available -- read them from
++# common.local
++before = apache-common.conf
++
 [Definition]
 
 # Option:  failregex
 # Notes.:  Regexp to catch Apache overflow attempts.
 # Values:  TEXT
 #
-failregex = [[]client <HOST>[]] (Invalid method in request|request failed: URI too long|erroneous characters after protocol string)
+failregex = ^%(_apache_error_client)s (Invalid (method|URI) in request|request failed: URI too long|erroneous characters after protocol string)
 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
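Review bot: The six added lines at the top of this hunk start with `++`, so the patched apache-overflows.conf contains the literal lines `+[INCLUDES]` and `+before = apache-common.conf` rather than a real `[INCLUDES]` section. The parser would then presumably not read apache-common.conf for this filter, and a `+[INCLUDES]` line ahead of the first section header may be rejected outright. Either way the new `^%(_apache_error_client)s ...` failregex could not resolve its prefix. The lines should be added with a single marker, i.e. `[INCLUDES]` and `before = apache-common.conf`, as in the apache-auth.conf and apache-noscript.conf hunks. Unlike the other rewritten patterns, the new failregex has no trailing `\s*$`; if that is intentional because request text follows the message, a one-line comment saying so would help.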
--- fail2ban-0.8.6-orig/testcases/files/logs/apache-auth	1970-01-01 01:00:00.000000000 +0100
+++ fail2ban-0.8.6/testcases/files/logs/apache-auth	2013-06-14 15:00:50.932753622 +0200
@@ -0,0 +1,5 @@
+# Should not match -- DoS vector https://vndh.net/note:fail2ban-089-denial-service
+[Sat Jun 01 02:17:42 2013] [error] [client 192.168.33.1] File does not exist: /srv/http/site/[client 192.168.0.1] user root not found
+
+# should match
+[Sat Jun 01 02:17:42 2013] [error] [client 192.168.0.2] user root not found
diff -Nur fail2ban-0.8.6-orig/testcases/files/logs/apache-noscript fail2ban-0.8.6/testcases/files/logs/apache-noscript
--- fail2ban-0.8.6-orig/testcases/files/logs/apache-noscript	1970-01-01 01:00:00.000000000 +0100
+++ fail2ban-0.8.6/testcases/files/logs/apache-noscript	2013-06-14 15:00:50.940753772 +0200
@@ -0,0 +1 @@
+[Sun Jun 09 07:57:47 2013] [error] [client 192.0.43.10] script '/usr/lib/cgi-bin/gitweb.cgiwp-login.php' not found or unable to stat
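Review bot: This fixture line has no label saying whether the filter is expected to match it, unlike the apache-auth fixture, which marks its lines `# Should not match` and `# should match`. It is presumably a positive case for the second apache-noscript pattern, so a preceding `# should match` comment would make the intent checkable. The file also has no negative sample for the embedded-`[client ...]` case that the anchoring is meant to reject. Nothing in this patch shows a test that reads `testcases/files/logs/`, and these paths use `fail2ban-0.8.6` while the filter hunks use `fail2ban-0.8.4`, so it is worth confirming that the packaged version's test suite actually consumes these files.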