ESB-2019.0669 - [Appliance] FortiOS, FortiAnalyzer and FortiManager: Execute arbitrary code/commands - Remote/unauthenticated 2019-03-04


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.0669
                Format String Vulnerability in SSH username
                               4 March 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           FortiOS
                   FortiAnalyzer
                   FortiManager
Publisher:         FortiGuard
Operating System:  Network Appliance
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-1352  

Original Bulletin: 
   https://fortiguard.com/psirt/FG-IR-18-018

--------------------------BEGIN INCLUDED TEXT--------------------

Format String Vulnerability in SSH username

IR Number : FG-IR-18-018

Date      : Jan 11, 2019

Risk      : 4/5

Impact    : Execute unauthorized code or commands

CVE ID    : CVE-2018-1352

Summary

There is a format string vulnerability in the SSH username handling when
connecting to FortiOS 5.6.0 that may lead to memory corruption.
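
The bug class described above, as an added illustration that is not Fortinet's code and not taken from the advisory: a constructed SSH login-audit helper where the client-supplied username reaches a printf-style logger as the format string, shown beside the hardened form and a defence-in-depth check. The function names (emit, log_login_vulnerable, log_login_safe, username_has_format_directive) are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed syslog-style logger: takes a format plus arguments. Many
 * daemons have a wrapper like this, and it is where the bug usually hides. */
static int emit(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Vulnerable pattern: the username is concatenated into a message buffer and
 * that buffer is then handed to the logger as the FORMAT argument. Any '%'
 * directive inside the username is interpreted by vsnprintf, which can read
 * stack contents or, with "%n", write memory: the memory corruption the
 * advisory describes. Only ever called with benign input in this example. */
static int log_login_vulnerable(char *out, size_t outlen, const char *user)
{
    char msg[128];
    snprintf(msg, sizeof msg, "SSH login attempt for user: %s", user);
    return emit(out, outlen, msg);            /* BUG: user data used as format */
}

/* Hardened form: the format is a string literal and the username is passed as
 * data, so directives in the username are copied literally, never interpreted. */
static int log_login_safe(char *out, size_t outlen, const char *user)
{
    return emit(out, outlen, "SSH login attempt for user: %s", user);
}

/* Defence-in-depth check a defender can place in front of the logger: flag
 * usernames carrying printf directives so the attempt can be rejected and
 * alerted on. It reduces exposure but does not replace the fix above. */
static int username_has_format_directive(const char *user)
{
    return strchr(user, '%') != NULL;
}

int main(void)
{
    char line[256];
    log_login_safe(line, sizeof line, "%x%x%n");
    puts(line);   /* the directives appear verbatim; nothing is interpreted */
    return 0;
}
```

Compiling with -Wformat-security only catches the bug when the logger wrapper carries a format attribute, which is why a grep for wrappers called with a single non-literal argument is worth adding to code review.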

Impact

Execute unauthorized code or commands

Affected Products

FortiOS 5.6.0

The following Fortinet products are NOT affected:
  FortiOS 5.4 branch: not vulnerable
  FortiOS 5.2 branch: not vulnerable
  FortiAnalyzer
  FortiManager

Solutions

Upgrade to FortiOS 5.6.1 or above.
Workaround: Configure the trusthost feature to only allow trusted
administrators to use SSH and deny others.

Acknowledgement

Fortinet thanks Simone Cardona for reporting this vulnerability.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
