PT-2005-3888 · Fortinet+1 · Fortigate+1

Mathieu Dessus · Published 2005-12-31 · Updated 2017-07-11 · CVE-2005-3057

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: FortiGate versions prior to 3.0 MR1

Description: The issue allows remote attackers to bypass the Fortinet FTP anti-virus engine by sending a STOR command and uploading the file before the FTP server response has been sent. An example of this exploit has been demonstrated using LFTP.

Recommendations: For versions prior to 3.0 MR1, update to version 3.0 MR1 or later to resolve the issue. As a temporary workaround, consider restricting access to the FTP component until a patch is available. Avoid using the FTP component for uploading files until the issue is resolved.
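The condition in the description (upload data sent before the server has answered STOR) can be looked for in FTP session telemetry. The following is an added detection example, not code from this advisory or from Fortinet; the event tuple format, session ids and sample events are constructed assumptions about what a network sensor would export.

```python
import re
from dataclasses import dataclass

# Constructed sample events: (seconds, session id, source, text).
# "C" = client control line, "S" = server control reply,
# "D" = client bytes seen on the data connection (text is the byte count).
SAMPLE_EVENTS = [
    (0.00, "s1", "C", "STOR report.doc"),
    (0.02, "s1", "S", "150 Opening BINARY mode data connection"),
    (0.05, "s1", "D", "4096"),
    (0.40, "s1", "S", "226 Transfer complete"),
    (1.00, "s2", "C", "STOR sample.bin"),
    (1.01, "s2", "D", "4096"),   # data arrives before any reply to STOR
    (1.03, "s2", "D", "2048"),
    (1.20, "s2", "S", "150 Opening BINARY mode data connection"),
    (1.60, "s2", "S", "226 Transfer complete"),
]

ANY_REPLY = re.compile(r"^\d{3}[ -]")   # three-digit FTP reply code


@dataclass
class Finding:
    session: str
    filename: str
    stor_time: float
    early_bytes: int


def find_early_stor_uploads(events):
    """Return STOR transfers whose data started before the server's reply."""
    pending = {}    # session -> Finding for a STOR still awaiting its reply
    findings = []
    for ts, sid, src, text in sorted(events, key=lambda e: e[0]):
        if src == "C" and text.upper().startswith("STOR "):
            pending[sid] = Finding(sid, text[5:].strip(), ts, 0)
        elif src == "D" and sid in pending:
            pending[sid].early_bytes += int(text)
        elif src == "S" and sid in pending and ANY_REPLY.match(text):
            # Any reply (go-ahead or error) closes the waiting window.
            finding = pending.pop(sid)
            if finding.early_bytes:
                findings.append(finding)
    # A STOR that was never answered but already carried data is reported too.
    findings.extend(f for f in pending.values() if f.early_bytes)
    return findings
```

On the constructed sample, only session `s2` is reported, with 6144 bytes sent ahead of the server's reply.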

Fix


Related Identifiers

CVE-2005-3057

Affected Products

Fortigate
Lftp