Comment 6 for bug 121374

This is the relevant line from /etc/fail2ban.conf when fail2ban 0.6.0-3 is installed on Ubuntu 6.06 LTS (Dapper).

failregex = : (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user) .* from (?:::f{4,6}:)?(?P<host>\S*)

This seems to allow any non-whitespace characters after <host>, which I believe is the nature of the vulnerability described in CVE-2006-6302. Please correct me if I'm wrong.