PSIRT Advisories

FortiClient (Linux) - Improper directories permissions

Summary

An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links.

Affected Products

FortiClientLinux version 6.0.0 through 6.0.8
FortiClientLinux version 6.2.0 through 6.2.9
FortiClientLinux version 6.4.0 through 6.4.7
FortiClientLinux version 7.0.0 through 7.0.2

Solutions

Please upgrade to FortiClientLinux version 7.0.3

Please upgrade to FortiClientLinux version 6.4.8