Sign-up

ID

VAR-200802-0510


CVE

CVE-2008-0779


TITLE

Fortinet FortiClient Host Security MR5 Patch 3 of fortimon.sys Vulnerability to execute arbitrary code in device driver

Trust: 0.8

sources: JVNDB: JVNDB-2008-002726

DESCRIPTION

The fortimon.sys device driver in Fortinet FortiClient Host Security 3.0 MR5 Patch 3 and earlier does not properly initialize its DeviceExtension, which allows local users to access kernel memory and execute arbitrary code via a crafted request. Fortinet FortiClient is prone to a local privilege-escalation vulnerability because it fails to perform adequate device filtering. Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful attacks will completely compromise affected computers. Versions prior to FortiClient 3.0 MR5 Patch 4 are vulnerable. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: Fortinet FortiClient Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA28975 VERIFY ADVISORY: http://secunia.com/advisories/28975/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: Fortinet FortiClient 3.x http://secunia.com/product/11276/ DESCRIPTION: Ruben Santamarta has reported a vulnerability in Fortinet FortiClient, which can be exploited by malicious, local users to gain escalated privileges. SOLUTION: Update to version 3.0 MR5 Patch 4 or version 3.0 MR6. PROVIDED AND/OR DISCOVERED BY: Ruben Santamarta, Reverse Mode ORIGINAL ADVISORY: Fortinet: http://kc.forticare.com/default.asp?id=3618 Reverse Mode: http://www.reversemode.com/index.php?option=com_mamblog&Itemid=15&task=show&action=view&id=47&Itemid=15 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2008-0779 // JVNDB: JVNDB-2008-002726 // BID: 27776 // VULHUB: VHN-30904 // PACKETSTORM: 63658

AFFECTED PRODUCTS

vendor:fortinetmodel:forticlient host securityscope:lteversion:3.0

Trust: 1.0

vendor:fortinetmodel:forticlient host securityscope:lteversion:3.0 mr5 patch 3

Trust: 0.8

vendor:fortinetmodel:forticlient host securityscope:eqversion:3.0

Trust: 0.6

vendor:fortinetmodel:forticlientscope:eqversion:2.0

Trust: 0.3

vendor:fortinetmodel:forticlient mr5 patchscope:eqversion:3.03

Trust: 0.3

vendor:fortinetmodel:forticlient mr6scope:neversion:3.0

Trust: 0.3

vendor:fortinetmodel:forticlient mr5 patchscope:neversion:3.04

Trust: 0.3

sources: BID: 27776 // JVNDB: JVNDB-2008-002726 // CNNVD: CNNVD-200802-289 // NVD: CVE-2008-0779

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-0779
value: HIGH

Trust: 1.0

NVD: CVE-2008-0779
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200802-289
value: HIGH

Trust: 0.6

VULHUB: VHN-30904
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2008-0779
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-30904
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-30904 // JVNDB: JVNDB-2008-002726 // CNNVD: CNNVD-200802-289 // NVD: CVE-2008-0779

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-30904 // JVNDB: JVNDB-2008-002726 // NVD: CVE-2008-0779

THREAT TYPE

local

Trust: 1.0

sources: BID: 27776 // PACKETSTORM: 63658 // CNNVD: CNNVD-200802-289

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-200802-289

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2008-002726

PATCH
title:Top Pageurl:http://www.fortinet.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2008-002726

EXTERNAL IDS
db:NVDid:CVE-2008-0779
Trust: 2.8
db:BIDid:27776
Trust: 2.0
db:SECUNIAid:28975
Trust: 1.8
db:SECTRACKid:1019415
Trust: 1.7
db:SREASONid:3660
Trust: 1.7
db:VUPENid:ADV-2008-0541
Trust: 1.7
db:JVNDBid:JVNDB-2008-002726
Trust: 0.8
db:XFid:40512
Trust: 0.6
db:BUGTRAQid:20080213 [REVERSEMODE ADVISORY] FEBRUARY ADVISORIES : MICROSOFT WORD 2003 + FORTINET FORTICLIENT
Trust: 0.6
db:CNNVDid:CNNVD-200802-289
Trust: 0.6
db:VULHUBid:VHN-30904
Trust: 0.1
db:PACKETSTORMid:63658
Trust: 0.1
sources:
            
            
            VULHUB: VHN-30904 // 
            
            
            
            BID: 27776 // 
            
            
            
            JVNDB: JVNDB-2008-002726 // 
            
            
            
            PACKETSTORM: 63658 // 
            
            
            
            CNNVD: CNNVD-200802-289 // 
            
            
            
            NVD: CVE-2008-0779

REFERENCES
url:http://kc.forticare.com/default.asp?id=3618
Trust: 1.8
url:http://www.securityfocus.com/bid/27776
Trust: 1.7
url:http://www.securitytracker.com/id?1019415
Trust: 1.7
url:http://secunia.com/advisories/28975
Trust: 1.7
url:http://securityreason.com/securityalert/3660
Trust: 1.7
url:http://www.reversemode.com/index.php?option=com_mamblog&itemid=15&task=show&action=view&id=47&itemid=15
Trust: 1.7
url:http://www.securityfocus.com/archive/1/488071/100/0/threaded
Trust: 1.1
url:http://www.vupen.com/english/advisories/2008/0541/references
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/40512
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0779
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-0779
Trust: 0.8
url:http://www.securityfocus.com/archive/1/archive/1/488071/100/0/threaded
Trust: 0.6
url:http://xforce.iss.net/xforce/xfdb/40512
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2008/0541/references
Trust: 0.6
url:http://www.fortinet.com/
Trust: 0.3
url:/archive/1/488071
Trust: 0.3
url:http://www.reversemode.com/index.php?option=com_mamblog&itemid=15&task=show&action=view&id=47&itemid=15
Trust: 0.1
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/advisories/28975/
Trust: 0.1
url:http://secunia.com/product/11276/
Trust: 0.1
url:https://psi.secunia.com/?page=changelog
Trust: 0.1
url:https://psi.secunia.com/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-30904 // 
            
            
            
            BID: 27776 // 
            
            
            
            JVNDB: JVNDB-2008-002726 // 
            
            
            
            PACKETSTORM: 63658 // 
            
            
            
            CNNVD: CNNVD-200802-289 // 
            
            
            
            NVD: CVE-2008-0779

CREDITS
Reversemode discovered this issue.
Trust: 0.9
sources:
            
            
            BID: 27776 // 
            
            
            
            CNNVD: CNNVD-200802-289

SOURCES
db:VULHUBid:VHN-30904
db:BIDid:27776
db:JVNDBid:JVNDB-2008-002726
db:PACKETSTORMid:63658
db:CNNVDid:CNNVD-200802-289
db:NVDid:CVE-2008-0779

LAST UPDATE DATE
2024-11-23T19:56:48.352000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-30904date:2018-10-15T00:00:00
db:BIDid:27776date:2015-05-07T17:32:00
db:JVNDBid:JVNDB-2008-002726date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200802-289date:2008-09-05T00:00:00
db:NVDid:CVE-2008-0779date:2024-11-21T00:42:53.450

SOURCES RELEASE DATE
db:VULHUBid:VHN-30904date:2008-02-14T00:00:00
db:BIDid:27776date:2008-02-13T00:00:00
db:JVNDBid:JVNDB-2008-002726date:2012-06-26T00:00:00
db:PACKETSTORMid:63658date:2008-02-14T23:16:05
db:CNNVDid:CNNVD-200802-289date:2008-02-14T00:00:00
db:NVDid:CVE-2008-0779date:2008-02-14T12:00:00