Type: Log Forging
Location: Local
Impact: Low
Product: ConfigServer Firewall (CSF)
Website: http://configserver.com/cp/csf.html
Vulnerable Version: 6.40
Fixed Version: 6.42 (See Notes Below!)
CVE: -
R911: 0120
Date: 2014-02-02
By: Rack911

Product Description:

ConfigServer Firewall (CSF) is a Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application for Linux servers.

Vulnerability Description:

It is possible for a malicious user to create forged log entries to trick the Login Failure Daemon into believing that a user has logged into the server via SSH or other services being monitored. This is more of a nuisance exploit than anything else, but could be used to create confusion and concern for administrators.


We have rated this vulnerability as LOW because only nuisance (forged) alerts can be generated.

Vulnerable Version:

This vulnerability was tested against ConfigServer Firewall (CSF) 6.40 and is believed to exist in all versions prior to the fixed builds below.

Fixed Version:

ConfigServer Firewall (CSF) implemented several options in v6.41 and v6.42 to help mitigate this attack. Please read the following change log to fully understand the options available:


Vendor Contact Timeline:

2014-01-26: Vendor contacted via email.
2014-01-26: Vendor confirms vulnerability.
2014-01-29: Vendor issues update v6.41.
2014-02-02: Vendor issues update v6.42.
2014-02-02: Rack911 issues security advisory.