Sign-up

ID

VAR-200904-0471


CVE

CVE-2009-1262


TITLE

Fortinet FortiClient VPN Connection Name Local Format String Vulnerability

Trust: 0.9

sources: BID: 34343 // CNNVD: CNNVD-200904-156

DESCRIPTION

Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name. Fortinet FortiClient is prone to a local format-string vulnerability because it fails to adequately sanitize user-supplied input before passing it to a formatted-printing function. Successfully exploiting this issue will allow local attackers to execute arbitrary code with SYSTEM-level privileges, completely compromising the computer. Failed exploit attempts will likely result in a denial of service. FortiClient 3.0.614 is vulnerable; other versions may also be affected. Fortinet FortiClient is a set of Fortinet company's software solutions that provide security for terminals. It provides features such as IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication. ---------------------------------------------------------------------- Secunia is pleased to announce the release of the annual Secunia report for 2008. Highlights from the 2008 report: * Vulnerability Research * Software Inspection Results * Secunia Research Highlights * Secunia Advisory Statistics Request the full 2008 Report here: http://secunia.com/advisories/try_vi/request_2008_report/ Stay Secure, Secunia ---------------------------------------------------------------------- TITLE: Fortinet FortiClient VPN Connection Format String Vulnerability SECUNIA ADVISORY ID: SA34524 VERIFY ADVISORY: http://secunia.com/advisories/34524/ DESCRIPTION: A vulnerability has been reported in Fortinet FortiClient, which can be exploited by malicious, local users to gain escalated privileges. This can be exploited to read and write arbitrary memory with SYSTEM privileges via a specially crafted VPN connection name. The vulnerability is reported in version 3.0.614. SOLUTION: Update to version 3.0 MR7 Patch Release 6. PROVIDED AND/OR DISCOVERED BY: Deral Heiland, Layered Defense ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2009-April/068583.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2009-1262 // JVNDB: JVNDB-2009-003327 // BID: 34343 // VULHUB: VHN-38708 // PACKETSTORM: 76353

AFFECTED PRODUCTS

vendor:fortinetmodel:forticlientscope:eqversion:3.0.614

Trust: 2.7

vendor:fortinetmodel:forticlient mr7 patchscope:neversion:3.06

Trust: 0.3

sources: BID: 34343 // JVNDB: JVNDB-2009-003327 // CNNVD: CNNVD-200904-156 // NVD: CVE-2009-1262

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-1262
value: HIGH

Trust: 1.0

NVD: CVE-2009-1262
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200904-156
value: HIGH

Trust: 0.6

VULHUB: VHN-38708
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2009-1262
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-38708
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-38708 // JVNDB: JVNDB-2009-003327 // CNNVD: CNNVD-200904-156 // NVD: CVE-2009-1262

PROBLEMTYPE DATA

problemtype:CWE-134

Trust: 1.8

sources: JVNDB: JVNDB-2009-003327 // NVD: CVE-2009-1262

THREAT TYPE

local

Trust: 1.0

sources: BID: 34343 // PACKETSTORM: 76353 // CNNVD: CNNVD-200904-156

TYPE

format string

Trust: 0.6

sources: CNNVD: CNNVD-200904-156

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2009-003327

PATCH
title:Top Pageurl:http://www.fortinet.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2009-003327

EXTERNAL IDS
db:NVDid:CVE-2009-1262
Trust: 2.8
db:BIDid:34343
Trust: 2.0
db:SECUNIAid:34524
Trust: 1.8
db:SECTRACKid:1021966
Trust: 1.7
db:VUPENid:ADV-2009-0941
Trust: 1.7
db:OSVDBid:53266
Trust: 1.7
db:JVNDBid:JVNDB-2009-003327
Trust: 0.8
db:BUGTRAQid:20090410 RE: LAYERED DEFENSE RESEARCH ADVISORY: FORMAT STRING VULNERABILITY: FORTICLIENT VERSION 3
Trust: 0.6
db:BUGTRAQid:20090402 LAYERED DEFENSE RESEARCH ADVISORY: FORMAT STRING VULNERABILITY: FORTICLIENT VERSION 3
Trust: 0.6
db:FULLDISCid:20090402 LAYERED DEFENSE RESEARCH ADVISORY: FORMAT STRING VULNERABILITY: FORTICLIENT VERSION 3
Trust: 0.6
db:XFid:49633
Trust: 0.6
db:CNNVDid:CNNVD-200904-156
Trust: 0.6
db:VULHUBid:VHN-38708
Trust: 0.1
db:PACKETSTORMid:76353
Trust: 0.1
sources:
            
            
            VULHUB: VHN-38708 // 
            
            
            
            BID: 34343 // 
            
            
            
            JVNDB: JVNDB-2009-003327 // 
            
            
            
            PACKETSTORM: 76353 // 
            
            
            
            CNNVD: CNNVD-200904-156 // 
            
            
            
            NVD: CVE-2009-1262

REFERENCES
url:http://lists.grok.org.uk/pipermail/full-disclosure/2009-april/068583.html
Trust: 1.8
url:http://www.securityfocus.com/bid/34343
Trust: 1.7
url:http://www.layereddefense.com/forticlient02apr.html
Trust: 1.7
url:http://osvdb.org/53266
Trust: 1.7
url:http://www.securitytracker.com/id?1021966
Trust: 1.7
url:http://secunia.com/advisories/34524
Trust: 1.7
url:http://www.vupen.com/english/advisories/2009/0941
Trust: 1.7
url:http://www.securityfocus.com/archive/1/502354/100/0/threaded
Trust: 1.1
url:http://www.securityfocus.com/archive/1/502602/100/0/threaded
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/49633
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1262
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1262
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/49633
Trust: 0.6
url:http://www.securityfocus.com/archive/1/archive/1/502602/100/0/threaded
Trust: 0.6
url:http://www.securityfocus.com/archive/1/archive/1/502354/100/0/threaded
Trust: 0.6
url:http://www.fortinet.com/products/forticlient/
Trust: 0.3
url:/archive/1/502354
Trust: 0.3
url:http://secunia.com/advisories/34524/
Trust: 0.1
url:http://secunia.com/advisories/try_vi/request_2008_report/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-38708 // 
            
            
            
            BID: 34343 // 
            
            
            
            JVNDB: JVNDB-2009-003327 // 
            
            
            
            PACKETSTORM: 76353 // 
            
            
            
            CNNVD: CNNVD-200904-156 // 
            
            
            
            NVD: CVE-2009-1262

CREDITS
Deral Heiland  http://www.layereddefense.com/
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200904-156

SOURCES
db:VULHUBid:VHN-38708
db:BIDid:34343
db:JVNDBid:JVNDB-2009-003327
db:PACKETSTORMid:76353
db:CNNVDid:CNNVD-200904-156
db:NVDid:CVE-2009-1262

LAST UPDATE DATE
2024-11-23T22:31:54.021000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-38708date:2018-10-10T00:00:00
db:BIDid:34343date:2009-04-17T23:06:00
db:JVNDBid:JVNDB-2009-003327date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200904-156date:2009-04-18T00:00:00
db:NVDid:CVE-2009-1262date:2024-11-21T01:02:02.583

SOURCES RELEASE DATE
db:VULHUBid:VHN-38708date:2009-04-07T00:00:00
db:BIDid:34343date:2009-04-02T00:00:00
db:JVNDBid:JVNDB-2009-003327date:2012-06-26T00:00:00
db:PACKETSTORMid:76353date:2009-04-06T11:11:40
db:CNNVDid:CNNVD-200904-156date:2009-04-07T00:00:00
db:NVDid:CVE-2009-1262date:2009-04-07T23:30:00.377