CVE-2015-7362

Name of the Vulnerable Software and Affected Versions Fortinet FortiClient Linux SSLVPN versions prior to build 2313

Description The issue allows local users to gain privileges via the helper/subroc setuid program when Fortinet FortiClient Linux SSLVPN is installed on Linux in a home directory that is world readable and executable.

Recommendations For versions prior to build 2313, update to build 2313 or later to resolve the issue. As a temporary workaround, consider changing the permissions of the home directory to prevent world readability and executability. Restrict access to the helper/subroc setuid program to minimize the risk of exploitation.