Zero-Day Advisory

Fortinet Discovers Intel Trace Analyzer and Collector Memory Corruption Vulnerability

Summary

Fortinet's FortiGuard Labs has discovered a Memory Corruption vulnerability in Intel Trace Analyzer and Collector 2019.

Intel Trace Analyzer and Collector is a Windows & Linux graphical tool to understand MPI application behavior across its full run-time. It helps users to find temporal dependencies and bottlenecks in code, check the correctness of applications, locate potential programming errors, buffer overlaps, and deadlocks, visualize and understand parallel application behavior, evaluate profiling statistics and load balancing, analyze performance of subroutines or code blocks, learn about communication patterns, parameters, and performance data, identify communication hot spots, decrease time to solution and increase application efficiency. It is shipped individually and also as part of the Intel Parallel Studio product.

A memory corruption vulnerability has been discovered in Intel Trace Analyzer and Collector. The vulnerability is caused by a crafted stf trace file which causes an out-of-bounds memory write access. It could allow malicious users to create code execution scenarios.

Solutions

FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:

Intel.Trace.Analyzer.Collector.FG-VD-19-010.Memory.Corruption
Released Jan 02, 2020

Users should apply the solution provided by Intel.

Timeline

Fortinet reported the vulnerability to Intel on January 21, 2019.

Intel confirmed the vulnerability on January 29, 2019.

Intel patched the vulnerability on January 2, 2020.

References

• https://hackerone.com/reports/483573

Acknowledgement

This vulnerability was discovered by Kushal Arvind Shah of Fortinet's FortiGuard Labs.

IPS Subscription

Fortinet customers who subscribe to Fortinet's intrusion prevention (IPS) service should be protected against this vulnerability with the appropriate configuration parameters in place. Fortinet's IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by FortiGuard Labs, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat's lifecycle.