Details of VAR-200512-0013

ID

VAR-200512-0013

CVE

CVE-2005-3057

TITLE

Fortinet FortiGate Anti-virus engine bypass detection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200512-986

DESCRIPTION

The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers to bypass the Fortinet FTP anti-virus engine by sending a STOR command and uploading a file before the FTP server response has been sent, as demonstrated using LFTP. Fortinet FortiGate is reportedly prone to a vulnerability that allows an attacker to bypass antivirus protection. This issue is said to occur when files are transferred using the FTP protocol under certain conditions. FortiGate devices running FortiOS v2.8MR10 and v3beta are affected by this issue. Other versions may also be vulnerable. Fortinet FortiGate is a network security platform developed by Fortinet. The platform provides functions such as firewall, antivirus and intrusion prevention (IPS), application control, antispam, wireless controller and WAN acceleration. The FTP component of Fortinet FortiGate cannot properly filter and check files. TITLE: FortiGate URL Filter and Virus Scanning Bypass Vulnerabilities SECUNIA ADVISORY ID: SA18844 VERIFY ADVISORY: http://secunia.com/advisories/18844/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From local network OPERATING SYSTEM: Fortinet FortiOS (FortiGate) 2.x http://secunia.com/product/2289/ Fortinet FortiOS (FortiGate) 3.x http://secunia.com/product/6802/ DESCRIPTION: Mathieu Dessus has reported two vulnerabilities in FortiGate, which can be exploited by malicious people and users to bypass certain security restrictions. 1) The URL blocking functionality can be bypassed by specially-crafted HTTP requests that are terminated by the CR character instead of the CRLF characters. It is also possible to bypass the functionality via a HTTP/1.0 request with no host header. The vulnerability has been reported in FortiOS v2.8MR10 and v3beta. The vulnerability has been reported in FortiOS v2.8MR10 and v3beta. SOLUTION: Do not rely on URL blocking as the only means of blocking users' access. Desktop-based on-access virus scanners should be used together with server-based virus scanners. PROVIDED AND/OR DISCOVERED BY: Mathieu Dessus ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042139.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042140.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.35

sources: NVD: CVE-2005-3057 // BID: 16597 // VULHUB: VHN-14266 // PACKETSTORM: 43767

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortigate	scope:	eq	version:	2.8	Trust: 1.6
vendor:	fortinet	model:	fortios	scope:	lte	version:	3_beta	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lte	version:	2.8_mr10	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	2.8_mr10	Trust: 0.6
vendor:	fortinet	model:	fortios	scope:	eq	version:	3_beta	Trust: 0.6
vendor:	fortinet	model:	fortios beta	scope:	eq	version:	3.0	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	2.80	Trust: 0.3
vendor:	fortinet	model:	fortios mr5	scope:	eq	version:	2.50	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	2.50	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	2.36	Trust: 0.3
vendor:	fortinet	model:	fortios mr10	scope:	eq	version:	2.8	Trust: 0.3
vendor:	fortinet	model:	fortios 0mr4	scope:	eq	version:	2.5	Trust: 0.3
vendor:	fortinet	model:	fortios mr12	scope:	eq	version:	2.80	Trust: 0.3
vendor:	fortinet	model:	fortios mr1	scope:	ne	version:	3.0	Trust: 0.3

sources: BID: 16597 // CNNVD: CNNVD-200512-986 // NVD: CVE-2005-3057

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-3057
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200512-986
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-14266
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2005-3057
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-14266
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-14266 // CNNVD: CNNVD-200512-986 // NVD: CVE-2005-3057

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2005-3057

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200512-986

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200512-986

EXTERNAL IDS

db:	BID	id:	16597	Trust: 2.0
db:	NVD	id:	CVE-2005-3057	Trust: 2.0
db:	SECUNIA	id:	18844	Trust: 1.8
db:	VUPEN	id:	ADV-2006-0539	Trust: 1.7
db:	CNNVD	id:	CNNVD-200512-986	Trust: 0.7
db:	FULLDISC	id:	20060213 BYPASS FORTINET ANTI-VIRUS USING FTP	Trust: 0.6
db:	BUGTRAQ	id:	20060213 BYPASS FORTINET ANTI-VIRUS USING FTP	Trust: 0.6
db:	XF	id:	24624	Trust: 0.6
db:	NSFOCUS	id:	8485	Trust: 0.6
db:	VULHUB	id:	VHN-14266	Trust: 0.1
db:	PACKETSTORM	id:	43767	Trust: 0.1

sources: VULHUB: VHN-14266 // BID: 16597 // PACKETSTORM: 43767 // CNNVD: CNNVD-200512-986 // NVD: CVE-2005-3057

REFERENCES

url:	http://lists.grok.org.uk/pipermail/full-disclosure/2006-february/042139.html	Trust: 1.8
url:	http://www.securityfocus.com/bid/16597	Trust: 1.7
url:	http://secunia.com/advisories/18844	Trust: 1.7
url:	http://marc.info/?l=bugtraq&m=113986337408103&w=2	Trust: 1.6
url:	http://www.vupen.com/english/advisories/2006/0539	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/24624	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/24624	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2006/0539	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/8485	Trust: 0.6
url:	http://fortinet.com/fortiguardcenter/ftp_vuln.html	Trust: 0.3
url:	http://www.fortinet.com/	Trust: 0.3
url:	/archive/1/424857	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=113986337408103&w=2	Trust: 0.1
url:	http://secunia.com/product/6802/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://lists.grok.org.uk/pipermail/full-disclosure/2006-february/042140.html	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/18844/	Trust: 0.1
url:	http://secunia.com/product/2289/	Trust: 0.1

sources: VULHUB: VHN-14266 // BID: 16597 // PACKETSTORM: 43767 // CNNVD: CNNVD-200512-986 // NVD: CVE-2005-3057

CREDITS

Mathieu Dessus mdessus@gmail.com

Trust: 0.6

sources: CNNVD: CNNVD-200512-986

SOURCES

db:	VULHUB	id:	VHN-14266
db:	BID	id:	16597
db:	PACKETSTORM	id:	43767
db:	CNNVD	id:	CNNVD-200512-986
db:	NVD	id:	CVE-2005-3057

LAST UPDATE DATE

2024-08-14T14:00:32.191000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-14266	date:	2017-07-11T00:00:00
db:	BID	id:	16597	date:	2009-07-12T17:56:00
db:	CNNVD	id:	CNNVD-200512-986	date:	2011-07-15T00:00:00
db:	NVD	id:	CVE-2005-3057	date:	2017-07-11T01:33:05.347

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-14266	date:	2005-12-31T00:00:00
db:	BID	id:	16597	date:	2006-02-13T00:00:00
db:	PACKETSTORM	id:	43767	date:	2006-02-13T19:29:16
db:	CNNVD	id:	CNNVD-200512-986	date:	2005-12-31T00:00:00
db:	NVD	id:	CVE-2005-3057	date:	2005-12-31T05:00:00