Cookie Parser Buffer Overflow Vulnerability
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
Advisory ID: FG-IR-16-023
Status: Final
Version: 1
Published: 2016-08-17
Current version: 2016-08-17
Last updated: 2016-08-17
Summary:
FortiGate firmware (FortiOS) released before August 2012 contains a buffer overflow in the cookie parser of the administrative web interface. A crafted HTTP request sent to that interface can trigger the overflow and take over execution control, i.e. remote code execution on the appliance. The affected versions are the earlier 4.x releases; FortiOS 5.x is NOT affected. FortiSwitch firmware 3.4.2 and below is also affected.
Impact:
Remote administrative access
Affected Products:
FortiGate (FortiOS):
- 4.3.8 and below
- 4.2.12 and below
- 4.1.10 and below
FortiSwitch:
- 3.4.2 and below
Solutions:
FortiOS:
- Upgrade to FortiOS 5.x.
- For models that cannot run FortiOS 5.x, upgrade to 4.3.9 or above.
- The following AV and IPS signatures block attempts to exploit this issue:
  - AV signature ELF/Adows.A!exploit, since AV DB 36.803
  - IPS signature FortiGate.Cookie.Buffer.Overflow, since IPS DB 8.935
FortiSwitch:
- Upgrade to FortiSwitch 3.4.3.

Upgrading is the fix; the signatures and the workarounds below reduce exposure of the vulnerable parser but do not remove it.

Workarounds:
FortiOS:
- Disable administrative access over HTTP and HTTPS on all interfaces and use SSH instead.
- On 4.3, if HTTP or HTTPS access is required, restrict it to a minimal set of authorized source IP addresses with Local In policies.
- On 4.2 and 4.1, if HTTP or HTTPS access is required, restrict access to the administrative interfaces (including HTTP and HTTPS) to a minimal set of authorized IP addresses with the trusthost settings of each administrator account.
FortiSwitch:
- Disable administrative access over HTTP and HTTPS on all interfaces and use the CLI instead. Alternatively, restrict access to the administrative interfaces (including HTTP and HTTPS) to a minimal set of authorized IP addresses with the trusthost settings.
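The FortiOS workarounds above, written out as an added CLI configuration example that is not part of the advisory and is not Fortinet's own text. The interface name port1, the administrator account name admin, the address object name mgmt-host, the management addresses 192.0.2.10 and 198.51.100.0/24 and the policy IDs are assumptions; lines beginning with # are explanatory and are not CLI input. The Local In policy section follows the FortiOS 4.3-era CLI and should be verified against the CLI reference of the exact release before it is applied.

```text
# Workaround 1 (all affected FortiOS versions): remove HTTP and HTTPS from
# the allowed management protocols of each interface, keeping SSH.
# Repeat for every interface that currently lists http or https.
config system interface
    edit "port1"
        set allowaccess ping ssh
    next
end

# Workaround 2 (FortiOS 4.1 / 4.2): if HTTP/HTTPS must stay enabled,
# limit every administrator account to trusted source addresses.
# Apply this to all accounts; an account left at the default trusthost
# (0.0.0.0 0.0.0.0) can still log in from anywhere.
config system admin
    edit "admin"
        set trusthost1 192.0.2.10 255.255.255.255
        set trusthost2 198.51.100.0 255.255.255.0
    next
end

# Workaround 3 (FortiOS 4.3): Local In policies. Allow HTTP/HTTPS to the
# unit itself only from the management host, then deny it from everyone
# else. Without the explicit deny, unmatched traffic falls through to the
# interface's allowaccess setting.
config firewall address
    edit "mgmt-host"
        set subnet 192.0.2.10 255.255.255.255
    next
end
config firewall local-in-policy
    edit 1
        set intf "port1"
        set srcaddr "mgmt-host"
        set dstaddr "all"
        set service "HTTP" "HTTPS"
        set schedule "always"
        set action accept
    next
    edit 2
        set intf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set service "HTTP" "HTTPS"
        set schedule "always"
        set action deny
    next
end
```

After applying either restriction, confirm from a non-authorized address that the web interface no longer responds on TCP 80/443, and keep an SSH or console session open while changing allowaccess so a mistake on the management interface does not lock you out. None of these settings change the vulnerable code; the upgrade in the Solutions section is still required.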
Acknowledgement:
The vulnerability was initially reported to Fortinet in August 2012 by Florian Gaultier of SCRT. Back then, it was mentioned in the FortiOS 4.3.9 release notes.
CVE ID: CVE-2016-6909
Reference: https://fortiguard.fortinet.com/psirt/FG-IR-16-023