
====================================================================

                                 CERT-Renater

                      Note d'Information No. 2016/VULN299
_____________________________________________________________________

DATE                : 18/08/2016

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): FortiOS 4.x releases prior to 4.1.11, 4.2.13,
                       4.3.9 or 5.0.

=====================================================================
http://fortiguard.com/advisory/FG-IR-16-023
____________________________________________________________________


Info

Risk                   4   High
Date                   Aug 17 2016
Impact                 Remote administrative access
Fixed In Firmware      4.1.11, 4.2.13, 4.3.9, 5.0


Cookie Parser Buffer Overflow Vulnerability

FortiGate firmware (FOS) released before Aug 2012 has a buffer overflow
vulnerability in its cookie parser. A crafted HTTP request that triggers
this overflow can allow an attacker to take control of execution.

The affected firmware versions are the older releases of the 4.x branch
(see Affected Products below).

FOS 5.x firmware is NOT affected.

The investigation into other Fortinet products is continuing.


Impact

Remote administrative access


Affected Products

FortiGate (FOS):
4.3.8 and below
4.2.12 and below
4.1.10 and below


Risk

4   High


Solutions

Upgrade to release 5.x.

Upgrade to release 4.3.9 or above for models not compatible with
FortiOS 5.x.
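To turn the Affected Products and Solutions sections into something an operator can run against a device inventory, the following added helper classifies a FortiOS version string against the thresholds stated in this note. It is example code written for this note, not Fortinet or CERT-Renater tooling. The per-branch fixed builds (4.1.11, 4.2.13, 4.3.9) and the statement that 5.x is not affected come from the advisory; the acceptance of a leading "v" and a trailing ",build…" suffix is an assumption about how version strings are typically pasted, and the sample inventory is constructed.

```python
"""Classify FortiOS (FOS) versions against CERT-Renater note 2016/VULN299.

Added example, not vendor code. Thresholds are taken from the advisory:
4.1.x fixed in 4.1.11, 4.2.x fixed in 4.2.13, 4.3.x fixed in 4.3.9,
FOS 5.x not affected. Any 4.x branch older than 4.1 is treated as
affected, since the advisory states that the older 4.x releases are
vulnerable (assumption: those branches never received a fix).
"""
import re
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# First fixed build on each affected 4.x branch (from the advisory).
FIXED_IN: Dict[Tuple[int, int], Version] = {
    (4, 1): (4, 1, 11),
    (4, 2): (4, 2, 13),
    (4, 3): (4, 3, 9),
}

# Assumption: strings look like "4.3.8", "v4.3.8" or "v4.3.8,build0689".
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    """Return (major, minor, patch); raise ValueError if unparseable."""
    match = VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised FortiOS version string: {text!r}")
    major, minor, patch = (int(x) for x in match.groups())
    return (major, minor, patch)


def fmt(version: Version) -> str:
    return ".".join(str(part) for part in version)


def assess(version_text: str) -> Tuple[str, str]:
    """Classify one version: 'affected', 'fixed', 'not_affected' or 'unknown'.

    The second element is the remediation text derived from the note.
    """
    version = parse_version(version_text)
    major, minor, _ = version
    if major >= 5:
        return "not_affected", "FOS 5.x is not affected by this advisory."
    if major < 4:
        return "unknown", "Releases older than 4.x are not covered; check with the vendor."
    branch = (major, minor)
    if branch in FIXED_IN:
        fixed = FIXED_IN[branch]
        if version >= fixed:
            return "fixed", f"{fmt(version)} is at or above fixed build {fmt(fixed)}."
        return "affected", f"Upgrade to {fmt(fixed)} or later, or to 5.x."
    if branch < (4, 1):
        # Older 4.x branch with no listed fix: advisory says upgrade to
        # 4.3.9 or above (or 5.x) for models that cannot run 5.x.
        return "affected", "Upgrade to 4.3.9 or later, or to 5.x."
    return "unknown", f"4.{minor}.x is not listed in the advisory; check with the vendor."


def triage(inventory: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (hostname, status, advice) for every device, affected first.

    Unparseable version strings are reported as 'unknown' rather than
    silently skipped, so nothing drops out of the review.
    """
    rows = []
    for host, version_text in inventory.items():
        try:
            status, advice = assess(version_text)
        except ValueError as exc:
            status, advice = "unknown", str(exc)
        rows.append((host, status, advice))
    order = {"affected": 0, "unknown": 1, "fixed": 2, "not_affected": 3}
    return sorted(rows, key=lambda row: (order[row[1]], row[0]))


if __name__ == "__main__":
    # Constructed sample inventory for demonstration only.
    sample = {
        "fw-branch-a": "v4.3.8,build0689",
        "fw-branch-b": "4.3.9",
        "fw-branch-c": "4.2.12",
        "fw-dc-core": "5.0.7",
        "fw-legacy": "4.0.5",
        "fw-odd": "build1234",
    }
    for host, status, advice in triage(sample):
        print(f"{host:14} {status:13} {advice}")
```

Feed it the version column exported from a device inventory; anything reported as `affected` should be scheduled for the upgrade described under Solutions, and anything `unknown` needs a manual check against the vendor advisory rather than being assumed safe.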

==========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================