fixed possible RCE vulnerability, unset escape variable (default tilde) stops considering "~" char after new-line as composing escape sequence

closes GHSA-m985-3f3v-cwmm for 0.9
sebres committed Jul 7, 2021
1 parent 5430091 commit 2ed414e
Showing 6 changed files with 21 additions and 15 deletions.
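Before the diff, an added illustration of the mechanism the commit message describes. This is example code written for this page, not fail2ban's own: mail(1) implementations that process tilde escapes even on piped input treat a body line whose first character is `~` as a command, and the documented `~!cmd` escape runs `cmd` in a shell, so any attacker-influenced text an action pipes into `mail` (whois output, log lines grepped for the IP) can carry one. The whois-style record below is constructed, and `has_tilde_escape` and `mail_safe` are hypothetical helper names; they show a check and a filter that work whichever `mail` is installed, unlike the mailutils-specific `-E 'set escape'` the commit relies on.

```shell
#!/bin/sh
# Added example for this page, not fail2ban code.
#
# Constructed sample of text an action might pipe into mail(1): a whois-
# style record whose third line begins with "~!". mail implementations
# that honour tilde escapes on non-interactive input treat "~!cmd" as
# "run cmd with the shell" instead of as message body.
SAMPLE_BODY='inetnum:  192.0.2.0 - 192.0.2.255
descr:    example network (constructed)
~! touch /tmp/escape-ran
remarks:  end of record'

# has_tilde_escape: exit 0 if any line on stdin starts with "~", 1 otherwise.
# Run it on what an action is about to send, e.g. in a test rig:
#   whois 192.0.2.1 | has_tilde_escape && echo "would be interpreted"
has_tilde_escape() {
    grep -q '^~'
}

# mail_safe: make the body inert by putting a space in front of every
# line that starts with "~". The escape is only recognised when "~" is
# the very first character of a line, so the message stays readable and
# no command runs, whatever mail implementation is in use. Place it
# between printf and mail in an action:
#   printf %b "..." | mail_safe | mail -s "subject" <dest>
mail_safe() {
    sed 's/^~/ ~/'
}

# Stand-alone demonstration: flag the sample, then show it neutralised.
printf '%s\n' "$SAMPLE_BODY" | has_tilde_escape && echo "sample contains a tilde escape"
printf '%s\n' "$SAMPLE_BODY" | mail_safe
```

The space prefix is deliberately implementation-neutral; doubling the tilde (`~~`) also yields a literal `~` in mailx-derived programs, but only where that escape is supported, so it is not used here.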
2 changes: 1 addition & 1 deletion config/action.d/complain.conf
Expand Up @@ -79,7 +79,7 @@ logpath = /dev/null
# Notes.: Your system mail command. Is passed 2 args: subject and recipient
# Values: CMD
#
mailcmd = mail -s
mailcmd = mail -E 'set escape' -s

# Option: mailargs
# Notes.: Additional arguments to mail command. e.g. for standard Unix mail:
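Review bot: the new mailcmd default `mail -E 'set escape' -s` only works with GNU mailutils, where `-E` is `--exec=COMMAND`; on bsd-mailx and heirloom mailx `-E` is a no-argument flag ("don't send messages with an empty body", as the comment below quotes), so `'set escape'` stops being an option argument and is taken as a positional argument. The Notes line for this option should say the default assumes mailutils and that sites running another mail(1) must override mailcmd.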
2 changes: 1 addition & 1 deletion config/action.d/dshield.conf
Expand Up @@ -176,7 +176,7 @@ tcpflags =
# Notes.: Your system mail command. Is passed 2 args: subject and recipient
# Values: CMD
#
mailcmd = mail -s
mailcmd = mail -E 'set escape' -s

# Option: mailargs
# Notes.: Additional arguments to mail command. e.g. for standard Unix mail:
8 changes: 4 additions & 4 deletions config/action.d/mail-buffered.conf
Expand Up @@ -14,7 +14,7 @@ actionstart = printf %%b "Hi,\n
The jail <name> has been started successfully.\n
Output will be buffered until <lines> lines are available.\n
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: started on `uname -n`" <dest>
Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on `uname -n`" <dest>

# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
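Review bot: `mail -E 'set escape' -s` is hard-coded inline here and in the other three actions of this file, whereas mail-whois-lines.conf in the same commit introduces a `mailcmd` option in [Init] and pipes to `<mailcmd>`. Use the same `<mailcmd>` indirection here, so an administrator on a non-mailutils mail(1) changes one option instead of editing four actions, and the mailutils-specific `-E` flag is documented in one place.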
Expand All @@ -25,13 +25,13 @@ actionstop = if [ -f <tmpfile> ]; then
These hosts have been banned by Fail2Ban.\n
`cat <tmpfile>`
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary from `uname -n`" <dest>
Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: Summary from `uname -n`" <dest>
rm <tmpfile>
fi
printf %%b "Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on `uname -n`" <dest>
Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on `uname -n`" <dest>

# Option: actioncheck
# Notes.: command executed once before each actionban command
Expand All @@ -52,7 +52,7 @@ actionban = printf %%b "`date`: <ip> (<failures> failures)\n" >> <tmpfile>
These hosts have been banned by Fail2Ban.\n
`cat <tmpfile>`
\nRegards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary" <dest>
Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: Summary" <dest>
rm <tmpfile>
fi

12 changes: 9 additions & 3 deletions config/action.d/mail-whois-lines.conf
Expand Up @@ -17,7 +17,7 @@ before = mail-whois-common.conf
actionstart = printf %%b "Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: started on `uname -n`" <dest>
Fail2Ban" | <mailcmd> "[Fail2Ban] <name>: started on `uname -n`" <dest>

# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
Expand All @@ -26,7 +26,7 @@ actionstart = printf %%b "Hi,\n
actionstop = printf %%b "Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on `uname -n`" <dest>
Fail2Ban" | <mailcmd> "[Fail2Ban] <name>: stopped on `uname -n`" <dest>

# Option: actioncheck
# Notes.: command executed once before each actionban command
Expand All @@ -48,7 +48,7 @@ actionban = printf %%b "Hi,\n
Lines containing IP:<ip> in <logpath>\n
`grep -E <grepopts> '(^|[^0-9])<ip>([^0-9]|$)' <logpath>`\n\n
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from `uname -n`" <dest>
Fail2Ban" | <mailcmd> "[Fail2Ban] <name>: banned <ip> from `uname -n`" <dest>

# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
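Review bot: this is the path that makes the escape matter: the body includes the output of `grep -E <grepopts> '(^|[^0-9])<ip>([^0-9]|$)' <logpath>`, i.e. raw log lines that the remote host influenced, so a log line beginning with `~` reaches mail as an escape. `<mailcmd>` with `-E 'set escape'` disables that only on mailutils; consider also neutralising the body in the action itself, e.g. `| sed 's/^~/ ~/' | <mailcmd> ...`, so `~` never arrives as the first character of a line, whichever mail(1) is installed.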
Expand All @@ -60,6 +60,12 @@ actionunban =

[Init]

# Option: mailcmd
# Notes.: Your system mail command. Is passed 2 args: subject and recipient
# Values: CMD
#
mailcmd = mail -E 'set escape' -s

# Default name of the chain
#
name = default
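Review bot: the Notes text for the new mailcmd option is copied from complain.conf ("Your system mail command. Is passed 2 args: subject and recipient") and does not mention that the default's `-E 'set escape'` is GNU mailutils syntax that other mail(1) implementations parse differently (see the comment below). Add that to the Notes; and since this file already has `before = mail-whois-common.conf`, as does mail-whois.conf, the default could live in that common file rather than being repeated per action.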
6 changes: 3 additions & 3 deletions config/action.d/mail-whois.conf
Expand Up @@ -17,7 +17,7 @@ before = mail-whois-common.conf
actionstart = printf %%b "Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: started on `uname -n`" <dest>
Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on `uname -n`" <dest>

# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
Expand All @@ -26,7 +26,7 @@ actionstart = printf %%b "Hi,\n
actionstop = printf %%b "Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on `uname -n`" <dest>
Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on `uname -n`" <dest>

# Option: actioncheck
# Notes.: command executed once before each actionban command
Expand All @@ -46,7 +46,7 @@ actionban = printf %%b "Hi,\n
Here is more information about <ip> :\n
`%(_whois_command)s`\n
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from `uname -n`" <dest>
Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: banned <ip> from `uname -n`" <dest>

# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
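Review bot: the body here embeds the output of `%(_whois_command)s`, i.e. the whois record for the banned address, which is text the registrant of that address supplies, so this is the other actionban where the escape is reachable. The hard-coded `mail -E 'set escape' -s` disables escapes only on mailutils; factor it into `<mailcmd>` as mail-whois-lines.conf does and consider a `sed 's/^~/ ~/'` stage before the mail command as an implementation-independent safeguard.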
6 changes: 3 additions & 3 deletions config/action.d/mail.conf
Expand Up @@ -13,7 +13,7 @@
actionstart = printf %%b "Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: started on `uname -n`" <dest>
Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on `uname -n`" <dest>

# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
Expand All @@ -22,7 +22,7 @@ actionstart = printf %%b "Hi,\n
actionstop = printf %%b "Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on `uname -n`" <dest>
Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on `uname -n`" <dest>

# Option: actioncheck
# Notes.: command executed once before each actionban command
Expand All @@ -40,7 +40,7 @@ actionban = printf %%b "Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from `uname -n`" <dest>
Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: banned <ip> from `uname -n`" <dest>

# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
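Review bot: the body in this action is fixed text plus `<ip>`, `<failures>` and `<name>` substituted by fail2ban, not log or whois content, so this change is for consistency rather than the fix itself. Fine to keep, but the same mailutils-only `-E 'set escape'` caveat applies, and the three occurrences in this file would be easier to override through a `<mailcmd>` option as mail-whois-lines.conf does.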

3 comments on commit 2ed414e

@Myron-S

@Myron-S Myron-S commented on 2ed414e Oct 8, 2021


This does not look right.
"-E Don't send messages with an empty body."

The -E option does not take any parameters according to the man MAIL(1) documentation.

@sebres
Contributor Author

@sebres sebres commented on 2ed414e Oct 11, 2021


@Myron-S

Thank you for the reference. During tests I found the same on my system. Still, it is possible to change the escape character to something else within /etc/mail.rc if required.
