Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Fail2ban RCE (cve.org)
5 points by todsacerdoti 3 months ago | hide | past | favorite | 2 comments


Something does not line up here. The description at NIST in the CVE is about a local privilege escalation.

It contains these two links

- https://packetstorm.news/files/id/189989

- https://gist.github.com/R-Security/1c707a08f9c7f9a91d9d84b50...

The first is also about the LPE, the second is apparently by the same author, names the same CVE-ID but is about a remote code execution?


Relevant discussion: https://github.com/fail2ban/fail2ban/issues/4110

Looks like a slop report that somehow made its way into the CVE database.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: