FortiClient SSLVPN Linux - Arbitrary Write to forticlientsslvpn.log file Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-16-069 Final 1 1 2017-04-05T00:00:00 Current version 2017-04-05T00:00:00 2017-04-05T00:00:00 The first launch of FortiClient SSLVPN Linux creates a log file without any prior check. By previously creating a symbolic or hard link with the name of the log file to any file in the filesystem, an attacker may smash the latter existing file. This is due to the fact that the first launch of FortiClient SSLVPN Linux will then add log content to the said file. Execute unauthorized code or commands FortiClient SSLVPN for Linux available with FortiOS before versions 5.4.2 and below. Upgrade to FortiClient SSLVPN Linux available with FortiOS version 5.4.3 or above. Fortinet is pleased to thank Grzegorz Wrobel of STMSolutions for reporting this vulnerability under responsible disclosure. CVE-2016-8496 0 https://fortiguard.fortinet.com/psirt/FG-IR-16-069 FortiClient SSLVPN Linux - Arbitrary Write to forticlientsslvpn.log file Reference>