fail2ban is a very useful piece of software that stops brute-force attacks on a variety of services. Knowing that fail2ban exists is a serious source of frustration for me personally when I am completing a vulnerable machine or an exercise and the solution is “just brute force credentials using hydra and X wordlist.” In the back of my mind I’m always sighing and saying, “This isn’t a thing in the real world, it hasn’t been a thing for a long time.”
But what happens when the cure is the problem? CVE-2021-32749 has been disclosed and allows for Remote Code Execution in fail2ban. The vulnerability allows a bad actor to perform command injection by controlling the whois information associated with their IP address. The vulnerability has been patched in versions 0.10.7 and 0.11.3. As a workaround, avoid using the mail-whois action.
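The two facts above (the patched versions and the mail-whois workaround) are enough to audit an installation. The following Python script is an added example, not code from the original post or from the fail2ban project: it decides whether a given fail2ban version carries the fix and scans a jail configuration for enabled jails whose action chain ends up using mail-whois. The jail.local text is constructed for the example, and the `%(name)s` resolution is a simplified imitation of fail2ban's interpolation (it handles `%(__name__)s` and DEFAULT fallback, nothing more); the function and variable names are the example's own.

```python
import re
from configparser import ConfigParser

# Fix landed in 0.10.7 and 0.11.3 (per the advisory); branches after 0.11
# are assumed to carry it, branches before 0.10 are assumed not to.
PATCHED_IN = {(0, 10): (0, 10, 7), (0, 11): (0, 11, 3)}

# Constructed jail.local used as sample input for this example.
SAMPLE_JAIL_LOCAL = """
[DEFAULT]
mta = mail
destemail = root@localhost
sender = fail2ban@localhost
banaction = iptables-multiport
port = 0:65535
action_ = %(banaction)s[name=%(__name__)s, port="%(port)s"]
action_mw = %(action_)s
            %(mta)s-whois[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s"]
action = %(action_)s

[sshd]
enabled = true
port = ssh
action = %(action_mw)s

[nginx-http-auth]
enabled = true
action = %(action_)s
"""

_REF = re.compile(r"%\((\w+)\)s")
# Match the action name token "mail-whois" (and variants such as
# mail-whois-lines) but not a different action that merely ends in
# "mail-whois", e.g. sendmail-whois.
_MAIL_WHOIS = re.compile(r"(?<![\w-])mail-whois")


def parse_version(text):
    """'0.11.2' -> (0, 11, 2); tolerates a trailing suffix like '0.10.5.dev1'."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_patched(version_text):
    """True when the version carries the CVE-2021-32749 fix."""
    major, minor, patch = parse_version(version_text)
    branch = (major, minor)
    if branch in PATCHED_IN:
        return (major, minor, patch) >= PATCHED_IN[branch]
    return branch > (0, 11)


def resolve(cp, section, value, depth=0):
    """Expand %(key)s references the way a jail file expects (simplified)."""
    if depth > 10:
        raise ValueError("interpolation nested too deeply")

    def substitute(match):
        key = match.group(1)
        if key == "__name__":          # fail2ban supplies the jail name here
            return section
        raw = cp.get(section, key, fallback="")  # falls back to [DEFAULT]
        return resolve(cp, section, raw, depth + 1)

    return _REF.sub(substitute, value)


def jails_using_mail_whois(config_text):
    """Names of enabled jails whose resolved action chain uses mail-whois."""
    cp = ConfigParser(interpolation=None)   # keep %(...)s raw; we expand it
    cp.read_string(config_text)
    hits = []
    for jail in cp.sections():
        if not cp.getboolean(jail, "enabled", fallback=False):
            continue
        action = resolve(cp, jail, cp.get(jail, "action", fallback=""))
        if _MAIL_WHOIS.search(action):
            hits.append(jail)
    return hits


def audit(version_text, config_text):
    """Combine both checks: unpatched version plus a mail-whois jail is at risk."""
    jails = jails_using_mail_whois(config_text)
    patched = is_patched(version_text)
    return {"patched": patched, "mail_whois_jails": jails,
            "at_risk": (not patched) and bool(jails)}


if __name__ == "__main__":
    print(audit("0.10.5", SAMPLE_JAIL_LOCAL))
    print(audit("0.11.3", SAMPLE_JAIL_LOCAL))
```

On a live host you would feed `fail2ban-client --version` output and the concatenated jail files into `audit()`; an `at_risk` result means either upgrading to 0.10.7/0.11.3 or switching the flagged jails away from `%(action_mw)s` style actions.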
Full writeup here!