PT-2021-3694 · Mailutils+5

Jakub Żoczek · Published 2021-07-16 · Updated 2025-10-28 · CVE-2021-32749

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

fail2ban versions 0.9.7 and prior
fail2ban versions 0.10.0 through 0.10.6
fail2ban versions 0.11.0 through 0.11.2

Description

The issue is related to errors in the mail-whois function. It leads to possible remote code execution in the mailing action mail-whois. The command mail from the mailutils package used in mail actions like mail-whois can execute commands if unescaped sequences (~) are available in the "foreign" input, for instance in whois output. To exploit the issue, an attacker would need to insert malicious characters into the response sent by the whois server, either via a MITM attack or by taking over a whois server.

Recommendations

For versions 0.9.7 and prior, update to a version newer than 0.9.7 or patch the vulnerability manually.
For versions 0.10.0 through 0.10.6, update to version 0.10.7 or patch the vulnerability manually.
For versions 0.11.0 through 0.11.2, update to version 0.11.3 or patch the vulnerability manually.
As a temporary workaround, consider avoiding the usage of the action mail-whois until the issue is resolved.
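A defensive filter for the condition described above, as an added example that is not part of this advisory or of fail2ban's code: it flags and neutralises lines in untrusted text (such as whois output) that begin with `~` before the text is handed to a mailer. It assumes the mailer only honours `~` as the first character of a line; the function names and the sample input are constructed for illustration.

```python
# Added example, not fail2ban code. Assumption: the mail client only treats
# "~" as an escape when it is the first character of a body line.
ESCAPE_CHAR = "~"


def find_escape_lines(text):
    """Return (line_number, line) for every line that starts with "~"."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        if line.startswith(ESCAPE_CHAR):
            hits.append((number, line))
    return hits


def neutralise_escapes(text, prefix=" "):
    """Prefix every line starting with "~" so it no longer begins with it.

    splitlines(keepends=True) also splits on a bare carriage return and
    other line boundaries, so a "~" after any of them is covered; the
    original line endings are preserved unchanged.
    """
    out = []
    for line in text.splitlines(keepends=True):
        out.append(prefix + line if line.startswith(ESCAPE_CHAR) else line)
    return "".join(out)


# Constructed sample standing in for untrusted whois output.
SAMPLE_WHOIS = (
    "inetnum: 192.0.2.0 - 192.0.2.255\n"
    "~ constructed line that begins with the escape character\r\n"
    "remarks: a ~ in the middle of a line is left alone\n"
    "descr: carriage return only\r~another constructed line\n"
)

if __name__ == "__main__":
    for number, line in find_escape_lines(SAMPLE_WHOIS):
        print(f"line {number} starts with {ESCAPE_CHAR!r}: {line!r}")
    print(neutralise_escapes(SAMPLE_WHOIS), end="")
```

A filter like this complements the updates listed under Recommendations and does not replace them.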

Exploit · Fix · RCE · OS Command Injection · Code Injection


Related Identifiers

ALT-PU-2021-2836
ALT-PU-2021-2873
ALT-PU-2022-2862
ALT-PU-2025-13255
BDU:2021-03927
CVE-2021-32749
GHSA-M985-3F3V-CWMM
MGASA-2021-0464
OPENSUSE-SU-2021:1274-1
OPENSUSE-SU-2021_1274-1
OPENSUSE-SU-2024:10749-1
USN-5232-1

Affected Products

ALT Linux
Linux Mint
SUSE
Ubuntu
Fail2Ban
Mailutils