R-fx Networks BFD – Log Forging (Deny IP) Vulnerability

BFD log forging Vulnerability

BFD is a modular shell script for parsing application logs and checking for authentication failures. It does this using a rules system where application specific options are stored including regular expressions for each unique auth format.

WHMCS Complete Billing and Support

Through the use of log forging, it is possible to trick BFD into blocking any IP range (E.g: 174.0.0.0/8) which could easily result in a malicious user creating a DoS against the server by blocking every single IPv4 address with minimal effort.

This vulnerability was tested against R-fx Networks BFD 1.5 and is believed to exist in all versions prior to the fixed builds.

This vulnerability was patched in R-fx Networks BFD 1.5-1, however, the ability to maliciously block a *single* IP address remains. Please read the following forum post for mitigation suggestions:

http://www.webhostingtalk.com/showthread.php?t=1344458

Posted in Security.

One Comment

  1. This vulnerability depends on log spoofing hence it is existed in all scripts which depend on logs to find failed login attempts i.e. CSF, BFD, Fail2ban etc.

Leave a Reply

Your email address will not be published. Required fields are marked *