CSF 2.67 - LF_HTACCESS insecure regexp



DESCRIPTION


See issue 04 above for a complete explanation of this issue. The regexp for this issue looks similar to the following:


    # '(.*)' is unbounded: $1 receives whatever sits between '[client ' and the
    # last '] user ' on the line, and is returned without any validation.
    if ( $log_line =~ /\[client (.*)\] user .*: authentication failure/ ) {
        return ( 'Unsuccessful http auth login from', $1, 'htpasswd' );
    }
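To show concretely why the unbounded capture is the problem, the following added example (written for this page, not CSF's code, and in Python rather than CSF's Perl) runs the loose pattern and a hardened alternative over a handful of constructed Apache 2.2-style error-log lines. The hardened pattern, the constructed log lines and the helper names are assumptions of this example; the point is that the loose pattern hands on any text at all as the "client" value, whereas the hardened one restricts the capture to address characters and still validates the result with the ipaddress module before anything downstream (such as a block command) sees it.

```python
import ipaddress
import re

# Loose check modelled on the CSF 2.67 line quoted above (Python re here, Perl in CSF):
# '(.*)' accepts any text at all as the "client" value.
LOOSE_RE = re.compile(r"\[client (.*)\] user .*: authentication failure")

# Hardened check (an assumption of this example, not CSF's actual fix): the capture is
# restricted to IPv4/IPv6 address characters, the username field may not contain ':' or
# ']', and the captured text is still validated with ipaddress before it is returned.
STRICT_RE = re.compile(
    r"\[client (\d{1,3}(?:\.\d{1,3}){3}|[0-9A-Fa-f:]{2,39})\] user [^:\]]*: authentication failure"
)


def loose_client(line):
    """Return the raw capture, exactly as the insecure pattern would hand it on."""
    m = LOOSE_RE.search(line)
    return m.group(1) if m else None


def strict_client(line):
    """Return a canonical IP string, or None if the line is not a clean auth failure."""
    m = STRICT_RE.search(line)
    if not m:
        return None
    try:
        return str(ipaddress.ip_address(m.group(1)))
    except ValueError:  # e.g. 999.0.0.1 passes the shape check but is not an address
        return None


# Constructed Apache 2.2-style error log lines, for illustration only.
SAMPLE_LOG = [
    '[Mon Jan 01 12:00:00 2024] [error] [client 192.0.2.10] user bob: authentication failure for "/secret": Password Mismatch',
    '[Mon Jan 01 12:00:01 2024] [error] [client 2001:db8::1] user alice: authentication failure for "/secret": Password Mismatch',
    '[Mon Jan 01 12:00:02 2024] [error] [client 192.0.2.11 unexpected] user bob: authentication failure for "/secret": Password Mismatch',
    '[Mon Jan 01 12:00:03 2024] [error] [client 999.0.0.1] user bob: authentication failure for "/secret": Password Mismatch',
    '[Mon Jan 01 12:00:04 2024] [error] [client 192.0.2.12] File does not exist: /var/www/html/favicon.ico',
]


def scan(lines, extractor):
    """Apply an extractor to every line; None means the line is ignored."""
    return [extractor(line) for line in lines]


if __name__ == "__main__":
    for loose, strict in zip(scan(SAMPLE_LOG, loose_client), scan(SAMPLE_LOG, strict_client)):
        print(f"loose={loose!r:28} strict={strict!r}")
```

The third and fourth sample lines are the ones that matter: the loose pattern returns "192.0.2.11 unexpected" and "999.0.0.1" as if they were addresses, while the hardened pattern returns None for both, so nothing that is not a well-formed IP address ever reaches the code that acts on it.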



IMPACT


Remote, unauthenticated command execution as root. LF_HTACCESS is disabled by default.

This bug was not reported because it was not discovered until after it had been fixed. I believe this bug was fixed in the release that followed 2.76 as a result of reporting issue #08 (remotely block any IP address, pure-ftpd regexp).