-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.1670
            Remote Exploit Vulnerability in Bash - (Shellshock)
                             26 September 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           FortiAnalyzer
                   FortiAuthenticator
                   FortiDB
                   FortiManager
                   AscenLink
Publisher:         FortiGuard Labs
Operating System:  Network Appliance
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
Resolution:        Mitigation
CVE Names:         CVE-2014-6271  

Reference:         ESB-2014.1669
                   ESB-2014.1668
                   ESB-2014.1660
                   ESB-2014.1659
                   ESB-2014.1657

Original Bulletin: 
   http://www.fortiguard.com/advisory/FG-IR-14-030/

Comment: FortiGuard Labs has not yet released patches for these devices but
         has stated that patches are upcoming. In the meantime it has
         provided workarounds in the form of a FortiGate IPS signature and an
         AV signature; note that these protect hosts behind a FortiGate and
         do not fix the vulnerable bash on the listed appliances themselves.

- --------------------------BEGIN INCLUDED TEXT--------------------

Remote Exploit Vulnerability in Bash - (Shellshock)

Info

Risk:     5 Critical
Date:     Sep 25 2014
Impact:   Remote Code Execution
CVE ID:   CVE-2014-6271

Impact

Under certain circumstances, exploitation of this vulnerability can result in
unwanted code executing on the vulnerable system.

Affected Products

FortiAnalyzer (versions 5.0.X and 5.2.0) - authentication required to exploit
FortiAuthenticator - authentication required to exploit
FortiDB
FortiManager (versions 4.3, 5.0.X and 5.2.0) - authentication required to exploit
AscenLink v7.X

Solutions

FortiAnalyzer

This vulnerability will be fixed in an upcoming patch of FortiAnalyzer.

FortiAuthenticator

This vulnerability will be fixed in an upcoming patch of FortiAuthenticator.

FortiDB

This vulnerability will be fixed in an upcoming patch of FortiDB.

FortiManager

This vulnerability will be fixed in an upcoming patch of FortiManager.

AscenLink

This vulnerability will be fixed in an upcoming patch of AscenLink.

Workarounds

FortiGate customers may apply the IPS signature entitled 
"Bash.Function.Definitions.Remote.Code.Execution" to protect systems 
accessible through a FortiGate. This IPS signature is available in the 5.552 
IPS update, which will be deployed via FDS on the afternoon of September 25th.

FortiGuard Labs has created an AV signature for this vulnerability and it was
deployed using the Hot Update functionality. It is advised that all FortiGate
customers ensure they are using AV DB 22.863 or later to help protect systems.
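The IPS signature above is named for what CVE-2014-6271 actually is: pre-patch bash imports any environment variable whose value begins with "() {" as a function definition and keeps executing whatever follows the closing brace, and CGI-style handlers copy request headers (User-Agent, Referer, and so on) into exactly such variables. The following script is an added example and is not code from Fortinet or AusCERT; it does not reproduce the Fortinet signature's logic. It applies the same "function definition prefix" heuristic to constructed web-server log lines so an operator without a FortiGate in the path can hunt for attempts against the listed appliances, and it includes the standard local probe for confirming whether a given bash binary is still vulnerable once a patch arrives. The log lines and IP addresses are constructed sample data.

```python
"""Shellshock (CVE-2014-6271) log hunting and local bash probe.

Added example, not Fortinet's or AusCERT's code. The detection heuristic
(flag any header value starting with a bash function definition) is an
assumption about what a "function definitions" signature looks for.
"""
import re
import subprocess
from typing import List, Optional, Dict

# A bash function definition exported through the environment looks like
# "() { <body> }" and, on unpatched bash, anything after the "}" is run.
FUNC_DEF = re.compile(r"\(\)\s*\{")
TRAILER = re.compile(r"\(\)\s*\{[^}]*\}\s*;?\s*(?P<cmd>.*)")

# Combined log format; the last quoted field is matched greedily so a
# payload containing quotes does not truncate the User-Agent.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<user_agent>.*)"$'
)

# Constructed sample data: one benign request, one payload in User-Agent,
# one payload in Referer (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '203.0.113.5 - - [25/Sep/2014:10:00:01 +1000] "GET /index.html HTTP/1.1" '
    '200 1024 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [25/Sep/2014:10:00:02 +1000] "GET /cgi-bin/status HTTP/1.1" '
    '200 0 "-" "() { :;}; /bin/bash -c \'id\'"',
    '198.51.100.9 - - [25/Sep/2014:10:00:03 +1000] "GET /cgi-bin/status HTTP/1.1" '
    '404 0 "() { :; }; echo pwned" "curl/7.37"',
]


def is_shellshock_payload(value: str) -> bool:
    """True if the value starts a bash function definition anywhere inside it."""
    return bool(FUNC_DEF.search(value))


def injected_command(value: str) -> Optional[str]:
    """Return the text bash would execute after the function body, or None.

    An empty string means a definition with no trailing command, which is
    still worth flagging as a probe.
    """
    m = TRAILER.search(value)
    return m.group("cmd").strip() if m else None


def scan_access_log(lines: List[str]) -> List[Dict[str, str]]:
    """Report every request whose CGI-exposed fields carry a payload."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # unparseable line; a real tool would log this
        for field in ("request", "referer", "user_agent"):
            if is_shellshock_payload(m.group(field)):
                hits.append({
                    "ip": m.group("ip"),
                    "field": field,
                    "command": injected_command(m.group(field)) or "",
                })
    return hits


def bash_is_vulnerable(bash: str = "bash") -> Optional[bool]:
    """Run the canonical CVE-2014-6271 probe against a bash binary.

    Returns True if the trailing echo ran (vulnerable), False if bash ignored
    the definition (patched), None if bash could not be executed at all.
    """
    env = {"PATH": "/usr/bin:/bin", "x": "() { :;}; echo SHELLSHOCKED"}
    try:
        out = subprocess.run([bash, "-c", "echo probe"], env=env,
                             capture_output=True, text=True, timeout=5)
    except (OSError, subprocess.TimeoutExpired):
        return None
    return "SHELLSHOCKED" in out.stdout


if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(f"{hit['ip']} via {hit['field']}: {hit['command']!r}")
    print("local bash vulnerable:", bash_is_vulnerable())
```

The probe only covers the original CVE-2014-6271 parser behaviour; the follow-on bash parser bugs disclosed after this bulletin need their own checks, and a negative result from the log scan says nothing about requests that never reached a logging web server.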

Please be sure to back up your affected systems prior to update and read the 
respective release notes when performing any software upgrade. Firmware 
release dates for impacted products are pending and this advisory will be 
updated when available.

References

For more information on this vulnerability, FortiGuard Labs has created a
special FAQ page. You can find that page at blog.fortinet.com.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----