Fortinet FortiClient VPN Connection Name Local Format String Vulnerability

Vulnerability ID: 1183154; Vulnerability type: Format string
Published: 2009-04-02; Updated: 2009-04-17
CVE ID: CVE-2009-1262; CNNVD-ID: CNNVD-200904-156
Platform: N/A; CVSS score: 7.2
|Vulnerability source
https://www.securityfocus.com/bid/34343
https://cxsecurity.com/issue/WLB-2009040158
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200904-156
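|Vulnerability details
Fortinet FortiClient is an endpoint security software solution from Fortinet, a US company. It provides IPsec and SSL encryption, WAN optimization, endpoint compliance, two-factor authentication and other functions. The VPN feature of FortiClient contains a local format string vulnerability. If a user specifies crafted format string specifiers in a VPN connection name and initiates that connection, the vulnerability is triggered, allowing arbitrary memory to be read and written at System privilege level.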
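The bug class described above, as an added example that is not FortiClient's code: a connection name is safe only when it is passed as data to a constant format string, and a name containing conversion specifiers can be flagged before use. The function names and sample connection names are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers: FortiClient's real code is not shown on this page.
 *
 * Vulnerable pattern (for contrast only, kept as a comment):
 *     snprintf(out, outlen, conn_name);
 * The untrusted name is the format string, so the formatter interprets
 * every conversion specifier it contains. */

/* Hardened: constant format string, the name is passed only as data.
 * Returns 0 on success, -1 on truncation or formatting error. */
int format_status_safe(char *out, size_t outlen, const char *conn_name)
{
    int n = snprintf(out, outlen, "Connecting to \"%s\"...", conn_name);
    return (n >= 0 && (size_t)n < outlen) ? 0 : -1;
}

/* Detection / defence in depth: report whether a name carries a '%'
 * that is not the escaped literal "%%" (a trailing lone '%' counts). */
int name_has_format_specifier(const char *name)
{
    for (const char *p = name; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {   /* "%%" is a literal percent sign */
            p++;
            continue;
        }
        return 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample connection names. */
    const char *names[] = { "HQ VPN", "100%% uptime", "office-%x-%s" };
    char line[64];

    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        if (format_status_safe(line, sizeof line, names[i]) == 0)
            printf("%-34s flagged=%d\n", line, name_has_format_specifier(names[i]));
    }
    return 0;
}
```

Building with `-Wformat -Wformat-security` (GCC/Clang) makes the compiler warn about the commented-out vulnerable call shape when it appears in real code.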
|Vulnerability EXP
================================================== 
Layered Defense Research Advisory 02 April 2009 
================================================== 
1) Affected Product 
FortiClient Version 3.0.614
Earlier versions may also be vulnerable
================================================== 
2) Severity Rating: Low 
================================================== 
3) Description of Vulnerability: 
A local format string vulnerability was discovered within FortiClient version 3.0.614 VPN. The vulnerability is due to improper processing of format string specifiers within the VPN connection name. When specially crafted format strings are entered as the VPN connection name and the connection is initiated, the format string vulnerability is triggered, making it possible to read and write arbitrary memory at System level.
================================================== 
4) Solution : Upgrade to FortiClient v3.0 MR7 Patch Release 6
================================================== 
5) Time Table: 
02/02/2009 Reported Vulnerability to Vendor. 
02/03/2009 Vendor acknowledged the vulnerability 
03/13/2009 Vendor published fix
================================================== 
6) Credits: Discovered by Deral Heiland, www.LayeredDefense.com
================================================== 
7) Reference
https://support.fortinet.com/Login/UserLogin.aspx
================================================== 
8) About Layered Defense: Layered Defense is a group of security professionals that work together on ethical research, testing and training within the information security arena. http://www.layereddefense.com
==================================================
|Affected products
Fortinet FortiClient 3.0.614
|References

Source: XF
Name: forticlient-vpn-format-string(49633)
Link: http://xforce.iss.net/xforce/xfdb/49633
Source: VUPEN
Name: ADV-2009-0941
Link: http://www.vupen.com/english/advisories/2009/0941
Source: SECTRACK
Name: 1021966
Link: http://www.securitytracker.com/id?1021966
Source: BID
Name: 34343
Link: http://www.securityfocus.com/bid/34343
Source: BUGTRAQ
Name: 20090410 Re: Layered Defense Research Advisory: Format String Vulnerability: FortiClient Version 3
Link: http://www.securityfocus.com/archive/1/archive/1/502602/100/0/threaded
Source: BUGTRAQ
Name: 20090402 Layered Defense Research Advisory: Format String Vulnerability: FortiClient Version 3
Link: http://www.securityfocus.com/archive/1/archive/1/502354/100/0/threaded
Source: MISC
Link: http://www.layereddefense.com/FortiClient02Apr.html
Source: SECUNIA
Name: 34524
Link: http://secunia.com/advisories/34524
Source: OSVDB
Name: 53266
Link: http://osvdb.org/53266
Source: FULLDISC
Name: 20090402 Layered Defense Research Advisory: Format String Vulnerability: FortiClient Version 3
Link: http://lists.grok.org.uk/pipermail/full-disclosure/2009-April/068583.html