BFD log forging vulnerability
BFD is a modular shell script for parsing application logs and checking for authentication failures. It does this using a rules system in which application-specific options are stored, including regular expressions for each unique auth format.
Through log forging, it is possible to trick BFD into blocking any IP range (e.g. 174.0.0.0/8), which could easily let a malicious user cause a DoS against the server by blocking every single IPv4 address with minimal effort.
This vulnerability was tested against R-fx Networks BFD 1.5 and is believed to exist in all versions prior to the fixed builds.
This vulnerability was patched in R-fx Networks BFD 1.5-1; however, the ability to maliciously block a *single* IP address remains. Please read the following forum post for mitigation suggestions:
This vulnerability depends on log spoofing, hence it exists in all scripts that depend on logs to find failed login attempts, e.g. CSF, BFD, Fail2ban, etc.
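The parsing weakness described above, and the two checks that close it, as an added Python example; the log lines and both rules are constructed for illustration and are not BFD's own rules or code:

```python
import ipaddress
import re

# Constructed sample auth-log lines (hypothetical; not BFD's rules or real logs).
# The second line's username field carries an attacker-chosen string shaped
# like a CIDR range, the kind of log forging the advisory describes.
SAMPLE_LOG = [
    "sshd[1001]: Failed password for root from 192.0.2.10 port 4022 ssh2",
    "sshd[1002]: Failed password for invalid user 174.0.0.0/8 "
    "from 192.0.2.10 port 4023 ssh2",
]

# Loose rule: first token starting with a dotted quad, plus whatever trails it.
# Any client-supplied text the daemon echoes into the line can satisfy it.
LOOSE_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}\S*)")

# Anchored rule: only the address in the fixed "from <ip> port <n> ssh2" tail,
# which sshd writes itself from the connection, not from user input.
ANCHORED_RE = re.compile(r" from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$")

def loose_extract(line):
    """Vulnerable extraction: first IP-looking token, or None."""
    m = LOOSE_RE.search(line)
    return m.group(1) if m else None

def anchored_extract(line):
    """Hardened extraction: the source address from the fixed tail, or None."""
    m = ANCHORED_RE.search(line)
    return m.group(1) if m else None

def is_single_host(token):
    """Accept exactly one IPv4 host address; reject CIDR, ranges and garbage."""
    try:
        return isinstance(ipaddress.ip_address(token), ipaddress.IPv4Address)
    except ValueError:
        return False

def block_list(lines, extract, validate=True):
    """Addresses a blocker would hand to the firewall for these lines."""
    found = set()
    for line in lines:
        token = extract(line)
        # Second gate: even a loose rule cannot push a range through here.
        if token is None or (validate and not is_single_host(token)):
            continue
        found.add(token)
    return found
```

With the loose rule and no validation the forged line yields `174.0.0.0/8` as a block candidate; anchoring the rule on the daemon-written tail, or validating each candidate as a single host before it reaches the firewall, leaves only the real source address.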