bmekler
New Member
February 16, 2016
Solved

CVE-2015-7547 glibc vulnerability - is FortiOS vulnerable?


Major bug in glibc affecting DNS lookups, potential remote code execution - https://access.redhat.com/security/cve/cve-2015-7547


Is FortiOS vulnerable, and if yes, what versions?

    ede_pfau
    SuperUser
    February 17, 2016

    Before FTNT responds (nothing to find yet), there are 2 mitigating measures one can take:

    - limit DNS UDP packets to 512 bytes (discard larger packets)

    - limit DNS TCP packets to 1024 bytes (discard larger packets)


    On the fly, any suggestions on how to protect an FGT using these limits? A custom IPS signature?
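As an added illustration (not code from this thread or from Fortinet), the two size limits above expressed as a check a packet filter could apply to DNS traffic; it assumes the limits are applied to responses only and that each TCP message arrives whole with its RFC 1035 length prefix:

```python
import struct

# Size ceilings from the mitigation above; assumed to apply to responses only,
# since the glibc bug is triggered by an oversized reply reaching the resolver.
UDP_MAX = 512
TCP_MAX = 1024

def dns_header(msg):
    """Parse the 12-byte DNS header (RFC 1035); raise ValueError if truncated."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than 12-byte header")
    _ident, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"is_response": bool(flags & 0x8000),  # QR bit
            "tc": bool(flags & 0x0200),           # TC bit
            "qdcount": qd, "ancount": an}

def should_drop(transport, data):
    """Return (drop, reason) for one DNS message; for "tcp", `data` is the
    2-byte length prefix plus the message (assumes no segment splitting)."""
    if transport == "tcp":
        if len(data) < 2:
            return True, "tcp frame missing length prefix"
        declared = struct.unpack("!H", data[:2])[0]
        msg = data[2:]
        if declared != len(msg):
            return True, "tcp length prefix %d != %d bytes" % (declared, len(msg))
        limit = TCP_MAX
    elif transport == "udp":
        msg, limit = data, UDP_MAX
    else:
        return True, "unknown transport %r" % transport
    try:
        hdr = dns_header(msg)
    except ValueError as exc:
        return True, str(exc)
    if not hdr["is_response"]:
        return False, "query passed unchecked"
    if len(msg) > limit:
        return True, "%s response %d bytes exceeds %d" % (transport, len(msg), limit)
    return False, "ok"

def make_response(size):
    """Constructed sample: a DNS response header zero-padded to `size` bytes."""
    hdr = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)  # QR=1, RD, RA
    return hdr + b"\x00" * (size - len(hdr))

def tcp_frame(msg):
    """Prepend the RFC 1035 TCP length prefix to a message."""
    return struct.pack("!H", len(msg)) + msg
```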

    bmekler (Author)
    New Member
    February 17, 2016

    How do you apply IPS signatures to traffic originating from (and responding to) Fortigate's own DNS resolver?

    ede_pfau
    SuperUser
    February 17, 2016

    [strike]Using "local-in" policies[/strike] - CLI only. Unfortunately, this does not support UTM profiles.