FortiClient SSLVPN Linux client local privilege escalation vulnerability Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-15-017 Final 1 1 2015-07-24T00:00:00 Current version 2015-07-24T00:00:00 2015-07-24T00:00:00 None Installing Forticlient SSLVPN Linux client build 2312 and lower in a home directory that is world readable-executable yields a privilege escalation vulnerability: Any local user can then exploit the helper/subroc setuid binary to run arbitrary code with root privileges. Privilege Escalation Standalone Forticlient SSLVPN Linux client build 2312 and lower. Upgrade to FortiClient Linux SSLVPN version 2313 or above.Actual Exploitability varies with host systems: Ubuntu and Debian are known to set world readable-executable epermissions on home directories by default, while Fedora (and most other Linux distribution) do not.In the following example, user notvulnerable is not affected, while user iamvuln could be affected:ls -l /hometotal 28drwx------. 3 notvulnerable notvulnerable 4096 Jul 21 14:26 notvulnerabledrwx---r-x. 6 iamvuln iamvuln 4096 Jul 21 14:26 iamvulnA workaround is to apply chmod 700 to the user's home directory who installed the Linux FortiClient SSLVPN. Thanks to Brian Vincent. CVE-2015-7362 https://fortiguard.fortinet.com/psirt/FG-IR-15-017 FortiClient SSLVPN Linux client local privilege escalation vulnerability Reference>