|
 |
|
FortiGate FTP Anti-Virus Scanning Bypass Vulnerability
|
|
|
|
|
Secunia Advisory:
|
SA20720
|
|
|
Release Date:
|
2006-06-21
|
|
Last Update:
|
2008-05-15
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Security Bypass
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | Fortinet FortiOS (FortiGate) 2.x
Fortinet FortiOS (FortiGate) 3.x
|
|
| | CVE reference: | CVE-2006-3222 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
A vulnerability has been reported in FortiGate, which can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused due to an error within the FortiGate FTP proxy when handling the ESPV command. This can be exploited to bypass the virus scanning functionality by an FTP client that uses the EPSV mode for file transfers.
The vulnerability has been reported in all FortiGate models that uses the FTP Anti-Virus gateway scanning service.
Solution:
Update to FortiOS 2.80 MR12 release or FortiOS 3.0 MR2 release.
Users can contact Fortinet Tech Support to obtain the updated firmware.
Provided and/or discovered by:
The vendor credits a recent magazine test review article.
Changelog:
2006-06-28: Added CVE reference.
2008-05-15: Updated link in "Original Advisory" section.
Original Advisory:
http://www.fortiguardcenter.com/advisory/FGA-2006-15.html
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
3 Related Secunia Security Advisories
|
|
|
1. FortiGate URL Filter and Virus Scanning Bypass Vulnerabilities
|
|
2. Fortinet Products ISAKMP IKE Message Processing Vulnerabilities
|
|
3. FortiOS Log File Cross Site Scripting
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
