Type: Log Forging
Product: ConfigServer Firewall (CSF)
Vulnerable Version: 6.40
Fixed Version: 6.42 (See Notes Below!)
ConfigServer Firewall (CSF) is a Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application for Linux servers.
It is possible for a malicious user to create forged log entries that trick the Login Failure Daemon into believing that an IP address is attempting to brute force the server; the daemon then blocks the IP address in question. With this attack, administrators, other users and other servers can be blocked, creating a DoS against the server.
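The following added example is not part of this advisory or of CSF's code; it illustrates the log-forging mechanism described above with a constructed log format (not CSF's or sshd's real format) and constructed sample data using RFC 5737 documentation addresses. It shows a naive log writer that embeds an attacker-influenced field verbatim, a hardened writer that escapes control characters so a field can never terminate or start a log line, a per-IP failure tally of the kind a login-failure daemon performs, and a detection check that flags lines carrying escaped control characters. The function names and the log format are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed log format for this example (not CSF's or sshd's real format):
#   <timestamp> auth: failed login from <ip> user=<username>
FAILED_LOGIN = re.compile(
    r"^\S+ auth: failed login from (\d{1,3}(?:\.\d{1,3}){3}) user=(.*)$"
)
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def sanitize_field(value: str) -> str:
    """Escape CR, LF and other control characters in an untrusted field so the
    value can never terminate the current log line or begin a new one."""
    return CONTROL_CHARS.sub(lambda m: "\\x%02x" % ord(m.group(0)), value)


def log_failure_naive(ts: str, ip: str, username: str) -> str:
    """Vulnerable writer: the username is written verbatim, newlines included."""
    return f"{ts} auth: failed login from {ip} user={username}\n"


def log_failure_hardened(ts: str, ip: str, username: str) -> str:
    """Hardened writer: every attacker-influenced field is sanitized first."""
    return f"{ts} auth: failed login from {ip} user={sanitize_field(username)}\n"


def count_failures(log_text: str) -> dict:
    """What a login-failure daemon does: tally failures per source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_LOGIN.match(line)
        if m:
            counts[m.group(1)] += 1
    return dict(counts)


def suspicious_lines(log_text: str) -> list:
    """Detection: a failure line whose user field carries an escaped control
    character is an injection attempt worth alerting on."""
    hits = []
    for line in log_text.splitlines():
        m = FAILED_LOGIN.match(line)
        if m and "\\x" in m.group(2):
            hits.append(line)
    return hits


# Constructed sample: the client at 192.0.2.10 supplies a "username" containing
# a newline followed by a fabricated failure line that names 203.0.113.5.
TS = "2024-01-01T00:00:00"
FORGED_NAME = "bob\n" + TS + " auth: failed login from 203.0.113.5 user=root"
ATTACKER_IP = "192.0.2.10"

NAIVE_LOG = log_failure_naive(TS, ATTACKER_IP, FORGED_NAME)
HARDENED_LOG = log_failure_hardened(TS, ATTACKER_IP, FORGED_NAME)

if __name__ == "__main__":
    # Naive tally credits a failure to the innocent 203.0.113.5; the hardened
    # tally attributes it only to the real source and the line is flagged.
    print("naive tally:    ", count_failures(NAIVE_LOG))
    print("hardened tally: ", count_failures(HARDENED_LOG))
    print("flagged:        ", suspicious_lines(HARDENED_LOG))
```

With the naive writer, the single event becomes two log lines and the second one is counted against 203.0.113.5, which is exactly how a third party ends up blocked; with the hardened writer the event stays on one line, is counted against 192.0.2.10 only, and the escaped control character makes the attempt visible to the detection check. The same escaping should be applied to every field a remote client can influence, not only the username.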
We rate this vulnerability HIGH because any user, including administrators, can have their IPs blocked.
This vulnerability was tested against ConfigServer Firewall (CSF) 6.40 and is believed to exist in all versions prior to the fixed builds below.
ConfigServer Firewall (CSF) added several options in v6.41 and v6.42 to help mitigate this attack. Please read the following change log to fully understand the options available: