BFD is a modular shell script for parsing application logs and checking for authentication failures. It does this through a rules system that stores application-specific options, including a regular expression for each distinct authentication format.
Through the use of log forging, it is possible to trick BFD into blocking any IP range (e.g. 126.96.36.199/8), which could easily let a malicious user create a DoS against the server by blocking every single IPv4 address with minimal effort.
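An added example (not BFD's own code) of the defensive check that addresses the range-blocking described above: the address extracted by a loose, assumed sshd-style rule is validated as exactly one IPv4 host before it can reach a block action. The rule pattern and the log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not BFD's own code. The extraction rule is a hypothetical
# sshd-style pattern assumed for illustration and the log lines are
# constructed. A rule that pulls "whatever follows 'from'" will hand a
# tampered token such as "x.x.x.0/8" straight to the block action, so the
# extracted value must be validated as a single IPv4 address first.

# Constructed sample lines: one genuine failure, one whose address field has
# been tampered with so that it carries a CIDR range instead of a host.
GENUINE='Dec 10 12:00:01 host sshd[123]: Failed password for root from 203.0.113.7 port 4444 ssh2'
FORGED='Dec 10 12:00:02 host sshd[124]: Failed password for invalid user bob from 203.0.113.0/8 port 4444 ssh2'

# Loose extraction (assumed rule): take the token between "from " and " port".
extract_ip() {
    printf '%s\n' "$1" | sed -n 's/.*Failed password for .* from \([^ ]*\) port.*/\1/p'
}

# Accept only a single dotted-quad IPv4 address: four numeric octets in
# 0-255 and no "/prefix", "-range" or list separators.
is_single_ipv4() {
    addr=$1
    case "$addr" in
        */*|*-*|*,*|*' '*|'') return 1 ;;
    esac
    printf '%s\n' "$addr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    rest=$addr
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        [ "$octet" -le 255 ] || return 1
        case "$rest" in *.*) rest=${rest#*.} ;; *) rest='' ;; esac
    done
    return 0
}

# Prints the address a block rule may use and returns 0; returns 1 and
# prints nothing when the extracted token is not a single IPv4 address.
block_target() {
    ip=$(extract_ip "$1")
    is_single_ipv4 "$ip" || return 1
    printf '%s\n' "$ip"
}

# Demo: only the untampered line yields something a firewall rule may block.
for line in "$GENUINE" "$FORGED"; do
    if target=$(block_target "$line"); then
        echo "would block: $target"
    else
        echo "rejected:    $(extract_ip "$line")"
    fi
done
```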
We have rated this vulnerability HIGH because any user, including administrators, can have their IPs blocked.
This vulnerability was tested against R-fx Networks BFD 1.5 and is believed to exist in all versions prior to the fixed builds below.
This vulnerability was patched in R-fx Networks BFD 1.5-1; however, the ability to maliciously block a *single* IP address remains. Please read the following forum post for mitigation suggestions: