FortiClient SSLVPN Linux - Arbitrary write to log file
The first launch of FortiClient SSLVPN Linux creates a log file without any prior check. By previously creating a symbolic or hard link with the name of the log file to any file in the filesystem, an attacker may smash the latter existing file. This is due to the fact that the first launch of FortiClient SSLVPN Linux will then add log content to the said file.
Potential execution of unauthorized code or commands
FortiClient SSLVPN for Linux available with FortiOS before versions 5.4.2 and below.
Upgrade to FortiClient SSLVPN Linux available with FortiOS version 5.4.3 or above.
Fortinet is pleased to thank Grzegorz Wrobel of STMSolutions for reporting this vulnerability under responsible disclosure.