PSIRT Advisory

Potential Buffer Overflow During HTTP Session Authentication

Summary

Fortinet has verified a potential issue during HTTP session authentication that could lead to a buffer overflow condition on the FortiGate unit when properly exploited. An attacker may craft a malicious HTTP request which exploits a variable in the HTTP header causing the buffer overflow condition when parsed by the FortiGate unit. When properly crafted, it may result in control of code flow execution.

Description

Fortinet has verified a potential issue during HTTP session authentication that could lead to a buffer overflow condition on the FortiGate unit when properly exploited. An attacker may craft a malicious HTTP request which exploits a variable in the HTTP header causing the buffer overflow condition when parsed by the FortiGate unit. When properly crafted, it may result in control of code flow execution.

Impact

Remote Code Execution

Affected Products

Some FortiGate units are affected. The following lists affected FortiOS units and versions, along with release status:

  • v4.2 - FortiGate 60C Units Only
    • Release TBA
  • v4.3 - All FortiGate Units < v4.3.8
    • Fix in v4.3.9, Released 8/20/2012
  • v5.0 Beta - All FortiGate Units
    • Fix in Beta 6, Release Scheduled 8/23/2012

Solutions

Fortinet recommends the following solutions:

  • If your product is affected as per 'Affected Product' section, apply the indicated upgrade when availablebranch under 'Affected Product'.