Format String Vulnerability in SSH username

Summary

FortiOS 5.6.0 contains a format string vulnerability in its handling of the SSH username supplied when connecting to the device, which may lead to memory corruption.

Affected Products

FortiOS 5.6.0

The following Fortinet products are NOT affected:
FortiOS:
  5.4 branch: not vulnerable
  5.2 branch: not vulnerable
FortiAnalyzer
FortiManager


Solutions

Upgrade to FortiOS 5.6.1 or above.
Workaround: Configure the trusthost feature to only allow trusted administrators to use SSH and deny others.
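
A sketch of the trusthost workaround in the FortiOS CLI, added here as an illustration and not taken from the original advisory. The account names and addresses are assumptions (the addresses are constructed from documentation ranges); substitute your own management hosts.

```fortios
# Constructed example: account names and addresses are placeholders.
# Trusted hosts must be set on EVERY administrator account; if any
# account is left without one, administrative access (including SSH)
# still answers connections from any source address.
config system admin
    edit "admin"
        # Single management workstation (host mask)
        set trusthost1 192.0.2.10 255.255.255.255
        # Dedicated management subnet
        set trusthost2 198.51.100.0 255.255.255.0
    next
    edit "auditor"
        # Hypothetical second account, restricted the same way
        set trusthost1 192.0.2.10 255.255.255.255
    next
end
```

After applying, confirm from a host outside the listed ranges that an SSH connection attempt to the management interface is no longer accepted.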

Acknowledgement

Fortinet thanks Simone Cardona for reporting this vulnerability.