PSIRT Advisory

CVE-2015-0235 "GHOST" vulnerability

Impact

Remote Code Execution

Affected Products

FortiOS, FortiCache, FortiWeb, FortiADC E series, FortiExtender - All versions embed a vulnerable version of glibc, however the vulnerable functions are not called by Fortinet code (nor are they called by third-party code). Therefore, these products are not vulnerable.

All versions of the following products embed a vulnerable version of glibc, however no real-life exploitation scenario has been found to be possible so far:

  • FortiManager versions
  • FortiAnalyzer
  • FortiMail versions
  • FortiVoiceEnterprise versions
  • FortiRecorder versions
  • AscenLink versions
  • FortiSandbox all versions
  • FortiAuthenticator versions
  • FortiSwitch versions
  • FortiWAN versions
  • FortiDDoS versions
  • FortiDB all versions
  • FortiADC D series versions

Solutions

Regardless of exploitability (or lack thereof), all products embedding a vulnerable version of glibc will be updated.
In the meantime, to further reduce the theoretical attack surface, Fortinet PSIRT recommends the following:

  • Make sure IPS signature Glibc.Gethostbyname.Buffer.Overflow is enabled. It is available in IPS update 5.604
  • Make sure the administration interfaces of your Fortinet products are not accessible from outside of your network