Remote Exploit Vulnerability in Bash - (Shellshock)
Remote Code Execution
FortiAnalyzer (versions 5.0.X and 5.2.0) - authentication required to exploit
FortiAuthenticator - authentication required to exploit
FortiManager (versions 4.3, 5.0.X and 5.2.0) - authentication required to exploit
FortiAnalyzer v5.0.8 is now available.
FortiAnalyzer v5.2.1 is now available.
A patch for FortiAuthenticator v3.1.2 is now available.
A patch for FortiDB v5.1.5 is now available.
FortiManager v5.0.8 is now available.
FortiManager v5.2.1 is now available.
This vulnerability will be fixed in an upcoming patch of AscenLink.
FortiGate customers may apply the IPS signature entitled "Bash.Function.Definitions.Remote.Code.Execution" to protect systems accessible through a FortiGate. This IPS signature is available in the 5.552 IPS update, which will be deployed via FDS on the afternoon of September 25th.
FortiGuard Labs has created an AV signature for this vulnerability and it was deployed using the Hot Update functionality. It is advised that all FortiGate customers ensure they are using AV DB 22.863 or later to help protect systems.
FortiGuard Web Security Service for FortiWeb web application firewall was updated overnight to address the Shellshock vulnerability. Updated package 0.00116 includes signature 090420001 to prevent attackers from executing arbitrary commands over HTTP via specially Bash crafted environments (CVE-2014-6271, CVE-2014-7169). FortiWeb inspects signature 090420001 in URLs, arguments, headers and cookies. The signature is part of the Known Exploits directory and is enabled by default.
Please be sure to back up your affected systems prior to update and read the respective release notes when performing any software upgrade. Firmware release dates for impacted products are pending and this advisory will be updated when available.
For more information on this exploit, FortiGuard Labs has created a special FAQ page with more information. You can find that page at http://blog.fortinet.com/post/shellshock-faq.