FortiClient SSLVPN Linux - Root privilege escalation with subproc Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-16-041 Final 1 1 2017-04-05T00:00:00 Current version 2017-04-05T00:00:00 2017-04-05T00:00:00 The first run of the FortiClient SSLVPN script results in the subproc file becoming suid & root owned binary. The issue lays in the lack of any check if this is the right file that the ownership and suid flag should be granted to. Replacement of this file with another appropriate file could result in its execution with root privilege. Escalation of privilege FortiClient SSLVPN for Linux available with FortiOS before versions 5.4.3 and below. Upgrade to FortiClient SSLVPN Linux available with FortiOS version 5.4.4 or above. Fortinet is pleased to thank Grzegorz Wrobel of STMSolutions for reporting this vulnerability under responsible disclosure. CVE-2016-8497 0 https://fortiguard.fortinet.com/psirt/FG-IR-16-041 FortiClient SSLVPN Linux - Root privilege escalation with subproc Reference>