Test ID:	1.3.6.1.4.1.25623.1.1.12.2022.5232.1
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-5232-1)
Summary:	The remote host is missing an update for the 'fail2ban' package(s) announced via the USN-5232-1 advisory.
Description:	Summary: The remote host is missing an update for the 'fail2ban' package(s) announced via the USN-5232-1 advisory. Vulnerability Insight: Jakub Zoczek discovered that certain Fail2ban actions handled whois responses in an insecure way. If Fail2ban was configured to use certain mail actions like 'mail-whois' on a target system, a remote attacker who was able to control whois responses to this target system could possibly execute arbitrary code. Affected Software/OS: 'fail2ban' package(s) on Ubuntu 14.04, Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-32749 https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WHJK2X2MR2WDYZMCW7COZXJDUSDYMY6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZRYQ77MTX5WSV33VCJLK4KBKR55QZ7ZA/ https://security.gentoo.org/glsa/202310-13 https://github.com/fail2ban/fail2ban/commit/2ed414ed09b3bb4c478abc9366a1ff22024a33c9 https://github.com/fail2ban/fail2ban/commit/410a6ce5c80dd981c22752da034f2529b5eee844
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.