Fail2Ban · Fail2Ban · CVE-2009-5023
**Name of the Vulnerable Software and Affected Versions**
Fail2ban versions prior to 0.8.5
**Description**
The issue allows local users to write to arbitrary files via a symlink attack on temporary files with predictable names in Fail2ban. This can be demonstrated by exploiting the predictability of file names such as /tmp/fail2ban-mail.txt.
**Recommendations**
For versions prior to 0.8.5, update to version 0.8.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the temporary files in the /tmp directory to minimize the risk of exploitation.