CSF 2.67 - LF_MODSEC insecure regexp
DESCRIPTION
See issue 04 above for a complete explanation of this issue. The regexp for this issue looks similar to the following:
638 if ( $log_line =~ /\[client (.*)\] mod_security: Access denied with code/ ) { 639 return ( 'modsec from', $1, 'modsec' ); 640 }
IMPACT
Remote, unauthenticated command execution as root. LF_MODSEC is disabled by default.
This bug was not reported because it was not discovered until after it had been fixed. I believe this bug was fixed in the release that followed 2.76 as a result of reporting issue #08 (remotely block any IP address, pure-ftpd regexp).