CVE-2009-5023

Description

The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf, and (4) mynetwatchman.conf actions in action.d/ in Fail2ban before 0.8.5 allows local users to write to arbitrary files via a symlink attack on temporary files with predictable names, as demonstrated by /tmp/fail2ban-mail.txt.

How to fix CVE-2009-5023

To remediate CVE-2009-5023, upgrade the affected package to a fixed version below.

• Debian/fail2ban—upgrade to 0.8.4+svn20110323-1 or later

Is CVE-2009-5023 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 0.8.4+svn20110323-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2009-5023