ConfigServer Firewall (CSF) is a Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application for Linux servers.
It is possible for a malicious user to create forged log entries to trick the Login Failure Daemon into believing that a user has logged into the server via SSH or other services being monitored. This is more of a nuisance exploit than anything else, but could be used to create confusion and concern for administrators.
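A defensive check for the forged entries described above, as an added example that is not part of the original advisory or of CSF: it assumes the host logs through systemd-journald and compares the program name an entry claims with the sender metadata journald records itself. The sample records and the `EXPECTED` policy are constructed for illustration.

```python
import json

# Constructed sample: three records in `journalctl -o json` shape (one JSON object per line).
SAMPLE = "\n".join([
    json.dumps({"SYSLOG_IDENTIFIER": "sshd", "_COMM": "sshd", "_UID": "0", "_PID": "2211",
                "MESSAGE": "Accepted password for alice from 192.0.2.10 port 50122 ssh2"}),
    json.dumps({"SYSLOG_IDENTIFIER": "sshd", "_COMM": "logger", "_UID": "1001", "_PID": "4410",
                "MESSAGE": "Accepted password for root from 203.0.113.7 port 40022 ssh2"}),
    json.dumps({"SYSLOG_IDENTIFIER": "cron", "_COMM": "cron", "_UID": "0", "_PID": "900",
                "MESSAGE": "(root) CMD (run-parts /etc/cron.hourly)"}),
])

# Hypothetical policy (adjust per host): claimed syslog tag -> (allowed _COMM, allowed _UID).
EXPECTED = {"sshd": ({"sshd"}, {"0"})}


def find_forged(lines, expected=EXPECTED):
    """Return records whose claimed tag is not backed by journald's trusted fields."""
    suspects = []
    for line in lines.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        tag = rec.get("SYSLOG_IDENTIFIER")
        if tag not in expected:
            continue  # no policy for this tag, nothing to compare against
        comms, uids = expected[tag]
        # Fields starting with "_" are set by journald itself, not by the sender.
        if rec.get("_COMM") not in comms or rec.get("_UID") not in uids:
            suspects.append({"tag": tag, "comm": rec.get("_COMM"), "uid": rec.get("_UID"),
                             "pid": rec.get("_PID"), "message": rec.get("MESSAGE")})
    return suspects


if __name__ == "__main__":
    for s in find_forged(SAMPLE):
        print("possible forged entry:", s)
```
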
We rate this vulnerability as LOW because only nuisance (forged) alerts can be generated.
This vulnerability was tested against ConfigServer Firewall (CSF) 6.40 and is believed to exist in all versions prior to the fixed builds below.
ConfigServer Firewall (CSF) added several options in v6.41 and v6.42 to help mitigate this attack. Please read the following change log to fully understand the options available: