1 From 410a6ce5c80dd981c22752da034f2529b5eee844 Mon Sep 17 00:00:00 2001
2 From: sebres <serg.brester@sebres.de>
3 Date: Mon, 21 Jun 2021 17:12:53 +0200
4 Subject: [PATCH] fixed possible RCE vulnerability, unset escape variable
5 (default tilde) stops treating "~" char after new-line as composing escape
6 sequence
7
8 ---
9 config/action.d/complain.conf | 2 +-
10 config/action.d/dshield.conf | 2 +-
11 config/action.d/mail-buffered.conf | 8 ++++----
12 config/action.d/mail-whois-lines.conf | 2 +-
13 config/action.d/mail-whois.conf | 6 +++---
14 config/action.d/mail.conf | 6 +++---
15 6 files changed, 13 insertions(+), 13 deletions(-)
16
17 diff --git a/config/action.d/complain.conf b/config/action.d/complain.conf
18 index 3a5f882c9f..4d73b05859 100644
19 --- a/config/action.d/complain.conf
20 +++ b/config/action.d/complain.conf
21 @@ -102,7 +102,7 @@ logpath = /dev/null
22 # Notes.: Your system mail command. Is passed 2 args: subject and recipient
23 # Values: CMD
24 #
25 -mailcmd = mail -s
26 +mailcmd = mail -E 'set escape' -s
27
28 # Option: mailargs
29 # Notes.: Additional arguments to mail command. e.g. for standard Unix mail:
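Review bot: The added `-E 'set escape'` in `mailcmd` assumes a mail(1) whose `-E` takes a command to execute, as GNU mailutils does. On bsd-mailx, Heirloom mailx and s-nail, `-E` is an argument-less flag that discards empty-bodied messages, so `'set escape'` would presumably be parsed as a positional argument (a recipient) there. The patch does not show which implementation is targeted, and the same string is used in every other hunk of this commit. I would state the requirement in the option comment, e.g. `# Notes.: -E 'set escape' needs a mail(1) where -E executes a command (GNU mailutils); check your implementation`, and test the notification against each packaged mail client before relying on it.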
30 diff --git a/config/action.d/dshield.conf b/config/action.d/dshield.conf
31 index c128bef348..3d5a7a53a9 100644
32 --- a/config/action.d/dshield.conf
33 +++ b/config/action.d/dshield.conf
34 @@ -179,7 +179,7 @@ tcpflags =
35 # Notes.: Your system mail command. Is passed 2 args: subject and recipient
36 # Values: CMD
37 #
38 -mailcmd = mail -s
39 +mailcmd = mail -E 'set escape' -s
40
41 # Option: mailargs
42 # Notes.: Additional arguments to mail command. e.g. for standard Unix mail:
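Review bot: The comment above `mailcmd` still says only that the command is passed subject and recipient, so nothing tells an administrator why `-E 'set escape'` is there. Sites that already override `mailcmd` in a local configuration file keep their old `mail -s` value and, as far as this hunk shows, get no warning. I would add `# Keep -E 'set escape' when overriding: it unsets the escape character so a "~" at the start of a body line is not treated as a command.` here and in the identical hunks of complain.conf and mail-whois-lines.conf.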
43 diff --git a/config/action.d/mail-buffered.conf b/config/action.d/mail-buffered.conf
44 index 325f185b2f..79b841049c 100644
45 --- a/config/action.d/mail-buffered.conf
46 +++ b/config/action.d/mail-buffered.conf
47 @@ -17,7 +17,7 @@ actionstart = printf %%b "Hi,\n
48 The jail <name> has been started successfully.\n
49 Output will be buffered until <lines> lines are available.\n
50 Regards,\n
51 - Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
52 + Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
53
54 # Option: actionstop
55 # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
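Review bot: `mail -E 'set escape' -s` is now hard-coded in `actionstart` and, in the later hunks, in every other mail invocation of mail-buffered.conf, mail-whois.conf and mail.conf, while complain.conf, dshield.conf and mail-whois-lines.conf expose it as `mailcmd`. A single option would let the hardening be audited and adjusted in one place per file. For example, define `mailcmd = mail -E 'set escape' -s` in the action's init section (not visible in this hunk) and end the pipeline with `Fail2Ban"|<mailcmd> "[Fail2Ban] <name>: started on <fq-hostname>" <dest>`. The `actionstart` definition begins above the hunk.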
56 @@ -28,13 +28,13 @@ actionstop = if [ -f <tmpfile> ]; then
57 These hosts have been banned by Fail2Ban.\n
58 `cat <tmpfile>`
59 Regards,\n
60 - Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary from <fq-hostname>" <dest>
61 + Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: Summary from <fq-hostname>" <dest>
62 rm <tmpfile>
63 fi
64 printf %%b "Hi,\n
65 The jail <name> has been stopped.\n
66 Regards,\n
67 - Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
68 + Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
69
70 # Option: actioncheck
71 # Notes.: command executed once before each actionban command
72 @@ -55,7 +55,7 @@ actionban = printf %%b "`date`: <ip> (<failures> failures)\n" >> <tmpfile>
73 These hosts have been banned by Fail2Ban.\n
74 `cat <tmpfile>`
75 \nRegards,\n
76 - Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary" <dest>
77 + Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: Summary" <dest>
78 rm <tmpfile>
79 fi
80
81 diff --git a/config/action.d/mail-whois-lines.conf b/config/action.d/mail-whois-lines.conf
82 index 3a3e56b2c7..d2818cb9b9 100644
83 --- a/config/action.d/mail-whois-lines.conf
84 +++ b/config/action.d/mail-whois-lines.conf
85 @@ -72,7 +72,7 @@ actionunban =
86 # Notes.: Your system mail command. Is passed 2 args: subject and recipient
87 # Values: CMD
88 #
89 -mailcmd = mail -s
90 +mailcmd = mail -E 'set escape' -s
91
92 # Default name of the chain
93 #
94 diff --git a/config/action.d/mail-whois.conf b/config/action.d/mail-whois.conf
95 index 7fea34c40d..ab33b616dc 100644
96 --- a/config/action.d/mail-whois.conf
97 +++ b/config/action.d/mail-whois.conf
98 @@ -20,7 +20,7 @@ norestored = 1
99 actionstart = printf %%b "Hi,\n
100 The jail <name> has been started successfully.\n
101 Regards,\n
102 - Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
103 + Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
104
105 # Option: actionstop
106 # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
107 @@ -29,7 +29,7 @@ actionstart = printf %%b "Hi,\n
108 actionstop = printf %%b "Hi,\n
109 The jail <name> has been stopped.\n
110 Regards,\n
111 - Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
112 + Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
113
114 # Option: actioncheck
115 # Notes.: command executed once before each actionban command
116 @@ -49,7 +49,7 @@ actionban = printf %%b "Hi,\n
117 Here is more information about <ip> :\n
118 `%(_whois_command)s`\n
119 Regards,\n
120 - Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
121 + Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
122
123 # Option: actionunban
124 # Notes.: command executed when unbanning an IP. Take care that the
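Review bot: In `actionban` the output of `%(_whois_command)s` is still substituted into the double-quoted `printf %%b` argument, so the fix rests entirely on the mail client honouring `set escape`. The whois response is data from a remote server, and `%b` also expands backslash sequences in it, which lets that response add line breaks or cut the message short. As defence in depth I would emit the whois text without `%b` interpretation, e.g. `{ printf %%b "Hi,\n…"; %(_whois_command)s; printf %%b "\nRegards,\n\nFail2Ban"; } | mail -E 'set escape' -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>`, or point users to a sendmail-based action for whois reports. `actionban` begins above this hunk, so the exact body text has to be carried over from the file.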
125 diff --git a/config/action.d/mail.conf b/config/action.d/mail.conf
126 index 5d8c0e154c..f4838ddcb6 100644
127 --- a/config/action.d/mail.conf
128 +++ b/config/action.d/mail.conf
129 @@ -16,7 +16,7 @@ norestored = 1
130 actionstart = printf %%b "Hi,\n
131 The jail <name> has been started successfully.\n
132 Regards,\n
133 - Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
134 + Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
135
136 # Option: actionstop
137 # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
138 @@ -25,7 +25,7 @@ actionstart = printf %%b "Hi,\n
139 actionstop = printf %%b "Hi,\n
140 The jail <name> has been stopped.\n
141 Regards,\n
142 - Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
143 + Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
144
145 # Option: actioncheck
146 # Notes.: command executed once before each actionban command
147 @@ -43,7 +43,7 @@ actionban = printf %%b "Hi,\n
148 The IP <ip> has just been banned by Fail2Ban after
149 <failures> attempts against <name>.\n
150 Regards,\n
151 - Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
152 + Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
153
154 # Option: actionunban
155 # Notes.: command executed when unbanning an IP. Take care that the