PSIRT Advisories
FortiOS SSL VPN buffer overrun through POST message payload
Summary
Failure to properly parse message payloads in the SSL VPN portal of FortiOS may allow a non-authenticated attacker to perform a Denial of Service attack via exploiting a buffer overflow.
Affected Products
FortiOS 6.0.0 to 6.0.4
FortiOS 5.6.0 to 5.6.7
FortiOS 5.4 and below
Solutions
Upgrade to FortiOS 5.6.8, 6.0.5 or 6.2.0
Workarounds:
Disable the SSL-VPN web portal service by applying the following CLI commands:
For FortiOS 5.0 and below branches:
config vpn ssl settings
set sslvpn-enable disable
end
For FortiOS 5.2 and above branches:
config vpn ssl settings
unset source-interface
end
Acknowledgement
Fortinet is pleased to thank Meh Chang and Orange Tsai from DEVCORE Security Research Team for reporting this vulnerability under responsible disclosure.