cnvd - cnvd-2015-05796

cnvd-2015-05796

Vulnerability from cnvd

Title

Fortinet FortiClient任意代码执行漏洞

Description

Fortinet FortiClient是美国飞塔（Fortinet）公司一套终端安全解决方案，为终端用户提供防病毒、加密等服务。 Fortinet FortiClient 5.2.4之前的版本存在任意代码漏洞，允许本地用户通过在0x220024或 0x220028的ioctl调用中设置回调函数使用内核权限执行任意代码。

Severity

高

Formal description

目前没有详细的解决方案，请到厂商的主页下载： http://www.fortinet.com

Reference

http://www.securitytracker.com/id/1033439

Impacted products

Name
Fortinet FortiClient < 5.2.4

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-5736"
    }
  },
  "description": "Fortinet FortiClient\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u4e00\u5957\u7ec8\u7aef\u5b89\u5168\u89e3\u51b3\u65b9\u6848\uff0c\u4e3a\u7ec8\u7aef\u7528\u6237\u63d0\u4f9b\u9632\u75c5\u6bd2\u3001\u52a0\u5bc6\u7b49\u670d\u52a1\u3002\r\nFortinet FortiClient 5.2.4\u4e4b\u524d\u7684\u7248\u672c\u5b58\u5728\u4efb\u610f\u4ee3\u7801\u6f0f\u6d1e\uff0c\u5141\u8bb8\u672c\u5730\u7528\u6237\u901a\u8fc7\u57280x220024\u6216 0x220028\u7684ioctl\u8c03\u7528\u4e2d\u8bbe\u7f6e\u56de\u8c03\u51fd\u6570\u4f7f\u7528\u5185\u6838\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Enrique Nissim",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://www.fortinet.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-05796",
  "openTime": "2015-09-07",
  "products": {
    "product": "Fortinet FortiClient \u003c 5.2.4"
  },
  "referenceLink": "http://www.securitytracker.com/id/1033439",
  "serverity": "\u9ad8",
  "submitTime": "2015-09-06",
  "title": "Fortinet FortiClient\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CVE-2015-5736 (GCVE-0-2015-5736)

Vulnerability from cvelistv5

Published

2015-09-03 14:00

Modified

2024-08-06 06:59

Severity ?

CWE

Summary

The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call.

References

URL

Tags

	http://www.coresecurity.com/advisories/forticlient-antivirus-multiple-vulnerabilities	x_refsource_MISC
	https://www.exploit-db.com/exploits/41722/	exploit, x_refsource_EXPLOIT-DB
	http://packetstormsecurity.com/files/133398/FortiClient-Antivirus-Information-Exposure-Access-Control.html	x_refsource_MISC
	https://www.exploit-db.com/exploits/45149/	exploit, x_refsource_EXPLOIT-DB
	http://www.securitytracker.com/id/1033439	vdb-entry, x_refsource_SECTRACK
	http://www.fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient	x_refsource_CONFIRM
	https://www.exploit-db.com/exploits/41721/	exploit, x_refsource_EXPLOIT-DB
	http://www.securityfocus.com/archive/1/536369/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://fortiguard.com/advisory/mulitple-vulnerabilities-in-forticlient	x_refsource_CONFIRM
	http://seclists.org/fulldisclosure/2015/Sep/0	mailing-list, x_refsource_FULLDISC