Package: fail2ban
Version: 0.7.5-2etch1
Severity: important
Tags: security

Hi,
from sserver.py:

    def initialize(self, sock = "/tmp/fail2ban.sock", force = False):
        self.__socket = sock
        # Remove socket
        if os.path.exists(sock):
            logSys.error("Fail2ban seems to be already running")
            if force:
                logSys.warn("Forcing execution of the server")
                os.remove(sock)
            else:
                raise SSocketErrorException("Server already running")
Local users who want to brute force other system accounts would just need to create a file at /tmp/fail2ban.sock to disable fail2ban if it gets re/started, unless it is called with force. On etch there is no check in the init script for this file; in unstable fail2ban is called with -x if the file exists, and there is also a patch that creates the file under /var/run. The etch version does not even give an error in such a case, it just needs longer to start and then exits with success. Unpatched fail2ban sources of course also have this problem. This is not a severe thing but still should be fixed.

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
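The defect in the quoted initialize() is that a bare os.path.exists() treats anything at the socket path as proof of a running server, so a planted regular file in a world-writable directory is enough to keep the daemon from starting. The following is an added example, not code from the bug report or from fail2ban, of how a startup check can tell the cases apart: it refuses world-writable socket directories (the /var/run point raised above), uses lstat() so a planted file or symlink is never confused with a socket, and probes the socket with a connect() so a stale socket is distinguished from a live server. The function names (socket_state, dir_is_private, prepare_socket_path, demo) and the fixtures built in the temporary directory are constructed for this illustration.

```python
import os
import socket
import stat
import tempfile


def socket_state(path):
    """Classify what sits at a Unix-socket path before a daemon binds it.

    Unlike a bare os.path.exists() check, this tells a planted regular
    file or symlink apart from a socket, and a stale socket from one
    that actually has a server behind it.
    """
    try:
        st = os.lstat(path)          # lstat: a symlink counts as "not a socket"
    except FileNotFoundError:
        return "absent"
    if not stat.S_ISSOCK(st.st_mode):
        return "not_socket"
    probe = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        probe.settimeout(1.0)
        probe.connect(path)          # only a live listener accepts
        return "running"
    except OSError:                  # ECONNREFUSED or timeout: nobody home
        return "stale"
    finally:
        probe.close()


def dir_is_private(path):
    """True if the socket's directory is not writable by 'other' users.
    A world-writable directory such as /tmp lets anyone pre-create the path."""
    mode = os.stat(os.path.dirname(path) or ".").st_mode
    return not (mode & stat.S_IWOTH)


def prepare_socket_path(path, force=False):
    """Hypothetical replacement for the existence check quoted in the report.
    Returns the state found, or raises RuntimeError instead of deferring
    to whatever happens to sit at the path."""
    if not dir_is_private(path):
        raise RuntimeError("refusing socket in world-writable directory: %s" % path)
    state = socket_state(path)
    if state == "running":
        raise RuntimeError("Server already running")
    if state == "not_socket":
        # A planted file is never mistaken for a running server and is
        # never removed on behalf of whoever planted it, even with force.
        raise RuntimeError("path exists but is not a socket: %s" % path)
    if state == "stale":
        if not force:
            raise RuntimeError("stale socket at %s; use force to remove" % path)
        os.remove(path)
    return state


def demo():
    """Walk the cases with constructed fixtures in a private temp directory
    and return the observed (case, result) pairs."""
    seen = []
    d = tempfile.mkdtemp()           # created mode 0700, so dir_is_private() holds
    path = os.path.join(d, "fail2ban.sock")
    try:
        seen.append(("empty", socket_state(path)))

        # Case 1: an unprivileged user squats on the path with a plain file.
        open(path, "w").close()
        seen.append(("planted_file", socket_state(path)))
        try:
            prepare_socket_path(path, force=True)
            seen.append(("planted_file_force", "removed"))
        except RuntimeError:
            seen.append(("planted_file_force", "refused"))
        os.remove(path)

        # Case 2: a real server is listening on the path.
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)
        srv.listen(1)
        seen.append(("live_server", socket_state(path)))
        srv.close()

        # Case 3: the server went away but left its socket file behind.
        seen.append(("after_shutdown", socket_state(path)))
        seen.append(("stale_force", prepare_socket_path(path, force=True)))
        seen.append(("after_cleanup", socket_state(path)))
    finally:
        if os.path.exists(path):
            os.remove(path)
        os.rmdir(d)
    return seen


if __name__ == "__main__":
    for case, result in demo():
        print("%-20s %s" % (case, result))
```

Running the module prints one line per case; the planted file is reported as not_socket and refused even under force, while only the stale socket left by a dead server is cleaned up.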