PSIRT Advisories

Potential Buffer Overflow During HTTP Session Authentication

Summary

Fortinet has verified a potential issue during HTTP session authentication that could lead to a buffer overflow condition on the FortiGate unit when properly exploited. An attacker may craft a malicious HTTP request which exploits a variable in the HTTP header causing the buffer overflow condition when parsed by the FortiGate unit. When properly crafted, it may result in control of code flow execution.

description-logo Description

Fortinet has verified a potential issue during HTTP session authentication that could lead to a buffer overflow condition on the FortiGate unit when properly exploited. An attacker may craft a malicious HTTP request which exploits a variable in the HTTP header causing the buffer overflow condition when parsed by the FortiGate unit. When properly crafted, it may result in control of code flow execution.

Impact Detail

An attacker could potentially take code execution control through injected payload after overflowing a parameter in the header during HTTP session authentication. In the event of a properly exploited attack, it may allow shell access.

Affected Products

Some FortiGate units are affected. The following lists affected FortiOS units and versions, along with release status:
  • v4.2 - FortiGate 60C Units Only
    • Release TBA
  • v4.3 - All FortiGate Units < v4.3.8
    • Fix in v4.3.9, Released 8/20/2012
  • v5.0 Beta - All FortiGate Units
    • Fix in Beta 6, Release Scheduled 8/23/2012

Solutions

Fortinet recommends the following solutions:
  • If your product is affected as per 'Affected Product' section, apply the indicated upgrade when availablebranch under 'Affected Product'.