FortiClient SSLVPN Linux - Arbitrary write to log file
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-16-069
Final
1
1
2017-04-05T00:00:00
Current version
2017-04-05T00:00:00
2017-04-05T00:00:00
The first launch of FortiClient SSLVPN Linux creates a log file without any prior check. By previously creating a symbolic or hard link with the name of the log file to any file in the filesystem, an attacker may smash the latter existing file. This is due to the fact that the first launch of FortiClient SSLVPN Linux will then add log content to the said file.
Potential execution of unauthorized code or commands
FortiClient SSLVPN for Linux available with FortiOS before versions 5.4.2 and below.
Upgrade to FortiClient SSLVPN Linux available with FortiOS version 5.4.3 or above.
Fortinet is pleased to thank Grzegorz Wrobel of STMSolutions for reporting this vulnerability under responsible disclosure.
SSL_VPN 5.2.9
SSL_VPN 5.2.8
SSL_VPN 5.2.7
SSL_VPN 5.2.5
SSL_VPN 5.2.4
SSL_VPN 5.2.3
SSL_VPN 5.2.2
SSL_VPN 5.2.1
SSL_VPN 5.0.9
SSL_VPN 5.0.5
SSL_VPN 5.0.4
SSL_VPN 5.0.3
SSL_VPN 5.0.2
SSL_VPN 5.0.1
SSL_VPN 5.0.0
SSL_VPN 4.3.12
SSL_VPN 4.3.11
SSL_VPN 4.3.10
SSL_VPN 4.3.8
SSL_VPN 4.3.3
SSL_VPN 4.3.0
SSL_VPN 4.2.9
SSL_VPN 4.2.2
SSL_VPN 4.2.0
SSL_VPN 4.1.1
SSL_VPN 4.1.0
SSL_VPN 4.0.2
SSL_VPN 4.0.0
SSL_VPN 3.0.0
FortiClient SSLVPN Linux - Arbitrary write to log file
CVE-2016-8496
SSL_VPN-5.2.9
SSL_VPN-5.2.8
SSL_VPN-5.2.7
SSL_VPN-5.2.5
SSL_VPN-5.2.4
SSL_VPN-5.2.3
SSL_VPN-5.2.2
SSL_VPN-5.2.1
SSL_VPN-5.0.9
SSL_VPN-5.0.5
SSL_VPN-5.0.4
SSL_VPN-5.0.3
SSL_VPN-5.0.2
SSL_VPN-5.0.1
SSL_VPN-5.0.0
SSL_VPN-4.3.12
SSL_VPN-4.3.11
SSL_VPN-4.3.10
SSL_VPN-4.3.8
SSL_VPN-4.3.3
SSL_VPN-4.3.0
SSL_VPN-4.2.9
SSL_VPN-4.2.2
SSL_VPN-4.2.0
SSL_VPN-4.1.1
SSL_VPN-4.1.0
SSL_VPN-4.0.2
SSL_VPN-4.0.0
SSL_VPN-3.0.0
0
https://fortiguard.fortinet.com/psirt/FG-IR-16-069
FortiClient SSLVPN Linux - Arbitrary write to log file
Reference>