===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.4350
           Privilege escalation and DoS in FortiClient for Linux
                         through local IPC socket
                             18 November 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Fortinet FortiClient
Publisher:         FortiGuard
Operating System:  Linux variants
Impact/Access:     Root Compromise   -- Existing Account
                   Denial of Service -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-17652 CVE-2019-16155 CVE-2019-16152
                   CVE-2019-15711  

Original Bulletin: 
   https://fortiguard.com/psirt/FG-IR-19-238

- --------------------------BEGIN INCLUDED TEXT--------------------

Privilege escalation and DoS in FortiClient for Linux through local IPC socket

IR Number : FG-IR-19-238

Date      : Nov 15, 2019

Risk      : 3/5

Impact    : Privilege Escalation, System Command Injection, Denial of Service

CVE ID    : CVE-2019-15711, CVE-2019-16152, CVE-2019-16155, CVE-2019-17652

Summary

A privilege escalation vulnerability in FortiClient for Linux may allow a user
with low privilege to run root system commands, overwrite system files or cause
FortiClient processes to crash by injecting specially crafted client requests
into the IPC socket of the FortiClient process.


The following four CVE identifiers were assigned to these vulnerabilities based
on different attack vectors:


CVE-2019-15711 - System command injection through IPC socket by export logs

CVE-2019-16152 - DoS through IPC socket by malformed nanomsg

CVE-2019-16155 - Privilege escalation through IPC socket by backup file

CVE-2019-17652 - DoS through IPC socket by argv through nanomsg
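The root cause the summary describes, a root-owned process that accepts requests from any local user over its IPC socket, is easier to reason about next to the corresponding defence. The following is an added example and not FortiClient's or Fortinet's code: a hypothetical Linux IPC handler that checks the peer's UID with SO_PEERCRED, rejects malformed frames instead of crashing, and whitelists an "export logs" argument rather than handing it to a shell. The 2-byte length-prefixed frame format, the command name and the EXPORT_DIR path are invented for the illustration.

```python
import os, re, socket, struct

# Constructed illustration, not FortiClient code: a root-owned IPC handler that closes the
# weaknesses the advisory groups: unauthenticated callers, unvalidated framing, shell strings.
MAX_MSG = 4096
SAFE_LOG_NAME = re.compile(r"^[A-Za-z0-9._-]{1,64}$")
EXPORT_DIR = "/var/lib/example-ipc/exports"  # hypothetical directory

def peer_credentials(conn):
    """(pid, uid, gid) of the connected AF_UNIX peer, obtained via Linux SO_PEERCRED."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
    return struct.unpack("3i", raw)

def authorize(uid, allowed_uids=(0,)):
    """Privileged requests are accepted only from listed UIDs (default: root only)."""
    return uid in allowed_uids

def parse_request(data):
    """Check framing before any handler runs: malformed input is rejected, not crashed on."""
    if len(data) < 2:
        raise ValueError("short frame")
    (length,) = struct.unpack("!H", data[:2])
    if length == 0 or length > MAX_MSG or len(data) != 2 + length:
        raise ValueError("bad length")
    try:
        parts = data[2:].decode("utf-8").split(" ")
    except UnicodeDecodeError:
        raise ValueError("bad encoding")
    if len(parts) > 8:  # bound the argument vector a caller can hand us
        raise ValueError("too many arguments")
    return parts[0], parts[1:]

def export_logs_target(name):
    """A caller-supplied log name becomes a path only after whitelist validation."""
    if not SAFE_LOG_NAME.match(name):
        raise ValueError("invalid log name")
    return os.path.join(EXPORT_DIR, name)

def handle(data, uid):
    """Authorize, then parse, then dispatch; every failure is an error reply, never a crash."""
    if not authorize(uid):
        return "EPERM"
    try:
        cmd, args = parse_request(data)
        if cmd == "export_logs" and len(args) == 1:
            return "OK " + export_logs_target(args[0])
        return "EINVAL unknown command"
    except ValueError as exc:
        return "EINVAL " + str(exc)
```

In a real daemon, `uid` comes from `peer_credentials(conn)` on each accepted connection, so the check cannot be bypassed by a client claiming an identity in the message body.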

Impact

Privilege Escalation, System Command Injection, Denial of Service

Affected Products

FortiClient for Linux 6.2.1 and below

Solutions

Upgrade to FortiClient for Linux 6.2.2


Fortinet is not aware of any public code attempting to exploit these
vulnerabilities.

Acknowledgement

Fortinet is pleased to thank "Cees Elzinga from Langkjaer Cyber Defence" for
reporting this vulnerability under responsible disclosure.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================