PT-2016-3749 · Fortinet · Forticlient Linux Sslvpn

Published

2016-01-08

Updated

2016-12-03

CVE-2015-7362

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Fortinet FortiClient Linux SSLVPN versions prior to build 2313

Description The issue allows local users to gain privileges via the helper/subroc setuid program when Fortinet FortiClient Linux SSLVPN is installed on Linux in a home directory that is world readable and executable.

Recommendations For versions prior to build 2313, update to build 2313 or later to resolve the issue. As a temporary workaround, consider changing the permissions of the home directory to prevent world readability and executability. Restrict access to the helper/subroc setuid program to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2015-7362

Affected Products

Forticlient Linux Sslvpn

PT-2016-3749 · Fortinet · Forticlient Linux Sslvpn

CVE-2015-7362

Weakness Enumeration

Related Identifiers

Affected Products

References · 2