FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

fail2ban -- possible RCE vulnerability in mailing action using mailutils

Affected packages
py310-fail2ban < 0.11.2_3
py36-fail2ban < 0.11.2_3
py37-fail2ban < 0.11.2_3
py38-fail2ban < 0.11.2_3
py39-fail2ban < 0.11.2_3

Details

VuXML ID c848059a-318b-11ec-aa15-0800270512f4
Discovery 2021-07-16
Entry 2021-10-28

Jakub Żoczek reports:

The command mail from the mailutils package, used in mail actions like mail-whois, can execute a command if unescaped sequences (\n~) are available in "foreign" input (for instance in whois output).

References

CVE Name CVE-2021-32749
URL https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm
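
Added example (not part of the VuXML entry or of fail2ban's code): one way to detect and neutralize the line-leading "~" sequences described above in untrusted text before it is handed to a mail command. It assumes the escape character is "~" and is only honoured as the first character of a line; the function names and the sample text are constructed for illustration, and this is not the fix shipped by fail2ban.

```python
import re

# Assumption: the escape character is "~" and it is recognised only as the
# very first character of an input line, as the "\n~" in the report suggests.
ESCAPE_CHAR = "~"
_LINE_BREAKS = re.compile(r"\r\n|\r|\n")


def find_tilde_escapes(text, escape=ESCAPE_CHAR):
    """Return (line_number, line) for every line starting with the escape char."""
    hits = []
    for number, line in enumerate(_LINE_BREAKS.split(text), start=1):
        if line.startswith(escape):
            hits.append((number, line))
    return hits


def neutralize(text, escape=ESCAPE_CHAR):
    """Normalise line endings to "\\n" and indent escape-leading lines by a space.

    The content stays readable in the notification mail, but no line begins
    with the escape character any more.
    """
    cleaned = []
    for line in _LINE_BREAKS.split(text):
        cleaned.append(" " + line if line.startswith(escape) else line)
    return "\n".join(cleaned)


# Constructed sample standing in for whois output; not from a real lookup.
SAMPLE_WHOIS = (
    "inetnum: 192.0.2.0 - 192.0.2.255\n"
    "remarks: example network\r\n"
    "~ constructed line that begins with the escape character\n"
    "descr: a ~ in the middle of a line is not an escape\r"
    "~~second constructed line\n"
)

if __name__ == "__main__":
    for number, line in find_tilde_escapes(SAMPLE_WHOIS):
        print(f"line {number} starts with the escape character: {line!r}")
    print(neutralize(SAMPLE_WHOIS))
```

Bare carriage returns are treated as line breaks here on purpose, so the check errs on the side of flagging too much rather than too little.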