Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
lm21108
New Contributor

Created on ‎02-12-2024 07:51 AM

PSIRT-FG-IR-22-398 heap-based buffer overflow [CWE-122] hit after V7.2.7 Build 1577 update

I updated our Fortigate 100E to V7.2.7 Build 1577 on 2/9/2024 manually (after frequent timeouts via fabric management). Received notification of sslvpnd application crashes on 2/11/2024. Further examination showed no trace of the CVE-2022-42475 indicators, or traffic with the listed critical IPs, but there were 3 crashes.

 

Could this still be an issue with the F100E?

 

Thanks.

-----------------

SSH logs follow:

 

# diagnose debug crashlog read

<truncated to relevant datetime>

 

6138: 2024-02-09 14:02:49 the killed daemon is /bin/eap_proxy: status=0x0

6139: 2024-02-11 05:41:45 sslvpn watchdog timeout

6140: 2024-02-11 05:41:45 <00274> firmware FortiGate-100E v7.2.7,build1577b1577,240131 (GA.M) (Release)

6141: 2024-02-11 05:41:45 <00274> application sslvpnd

6142: 2024-02-11 05:41:45 <00274> *** signal 11 (Segmentation fault) received ***

6143: 2024-02-11 05:41:45 <00274> Register dump:

6144: 2024-02-11 05:41:45 <00274> R0: 36fb7adc   R1: 00000005   R2: 3ec53480    R3: 00000005

6145: 2024-02-11 05:41:45 <00274> R4: 36b8f000   R5: 36fb7adc   R6: 3ec53520    R7: 3ec53460

6146: 2024-02-11 05:41:45 <00274> R8: 3ec534b0   R9: 36f7c26c  R10: 00000000    FP: 3ec5ff48

6147: 2024-02-11 05:41:45 <00274> IP: 36b8f048   SP: 3ec53460   LR: 36b7341f    PC: 36b73192

6148: 2024-02-11 05:41:45 <00274> CPSR: 200f0030   Addr: 00000005

6149: 2024-02-11 05:41:45 <00274> Trap: 0000000e   Error: 00000017   OldMask: 00002000

6150: 2024-02-11 05:41:45 <00274> Backtrace:

6151: 2024-02-11 05:41:45 <00274> [0x36b73192] => /usr/lib/arm-linux-gnueabi/libunwind.so.8  liboffset

6152: 2024-02-11 05:41:45 00004192

6153: 2024-02-11 05:41:45 <00274> fortidev 6.0.1.0005

6154: 2024-02-11 05:41:46 the killed daemon is /bin/sslvpnd: status=0xd

6155: 2024-02-11 05:56:24 sslvpn watchdog timeout

6156: 2024-02-11 05:56:24 sslvpnd previously crashed 1 times. The last crash was at 2024-02-11 05:41:45.

6157: 2024-02-11 05:56:24 <19636> firmware FortiGate-100E v7.2.7,build1577b1577,240131 (GA.M) (Release)

6158: 2024-02-11 05:56:24 <19636> application sslvpnd

6159: 2024-02-11 05:56:24 <19636> *** signal 11 (Segmentation fault) received ***

6160: 2024-02-11 05:56:24 <19636> Register dump:

6161: 2024-02-11 05:56:24 <19636> R0: 36fb7adc   R1: 00000005   R2: 3ec53480    R3: 00000005

6162: 2024-02-11 05:56:24 <19636> R4: 36b8f000   R5: 36fb7adc   R6: 3ec53520    R7: 3ec53460

6163: 2024-02-11 05:56:24 <19636> R8: 3ec534b0   R9: 36f7c26c  R10: 00000000    FP: 3ec5ff48

6164: 2024-02-11 05:56:24 <19636> IP: 36b8f048   SP: 3ec53460   LR: 36b7341f    PC: 36b73192

6165: 2024-02-11 05:56:24 <19636> CPSR: 200f0030   Addr: 00000005

6166: 2024-02-11 05:56:24 <19636> Trap: 0000000e   Error: 00000017   OldMask: 00002000

6167: 2024-02-11 05:56:24 <19636> Backtrace:

6168: 2024-02-11 05:56:24 <19636> [0x36b73192] => /usr/lib/arm-linux-gnueabi/libunwind.so.8  liboffset

6169: 2024-02-11 05:56:24 00004192

6170: 2024-02-11 05:56:24 <19636> fortidev 6.0.1.0005

6171: 2024-02-11 06:11:05 sslvpn watchdog timeout

6172: 2024-02-11 06:11:05 sslvpnd previously crashed 2 times. The last crash was at 2024-02-11 05:56:24.

6173: 2024-02-11 06:11:05 <19637> firmware FortiGate-100E v7.2.7,build1577b1577,240131 (GA.M) (Release)

6174: 2024-02-11 06:11:05 <19637> application sslvpnd

6175: 2024-02-11 06:11:05 <19637> *** signal 11 (Segmentation fault) received ***

6176: 2024-02-11 06:11:05 <19637> Register dump:

6177: 2024-02-11 06:11:05 <19637> R0: 36fb7adc   R1: 00000005   R2: 3ec53480    R3: 00000005

6178: 2024-02-11 06:11:05 <19637> R4: 36b8f000   R5: 36fb7adc   R6: 3ec53520    R7: 3ec53460

6179: 2024-02-11 06:11:05 <19637> R8: 3ec534b0   R9: 36f7c26c  R10: 00000000    FP: 3ec5ff48

6180: 2024-02-11 06:11:05 <19637> IP: 36b8f048   SP: 3ec53460   LR: 36b7341f    PC: 36b73192

6181: 2024-02-11 06:11:05 <19637> CPSR: 200f0030   Addr: 00000005

6182: 2024-02-11 06:11:05 <19637> Trap: 0000000e   Error: 00000017   OldMask: 00002000

6183: 2024-02-11 06:11:05 <19637> Backtrace:

6184: 2024-02-11 06:11:05 <19637> [0x36b73192] => /usr/lib/arm-linux-gnueabi/libunwind.so.8  liboffset

6185: 2024-02-11 06:11:05 00004192

6186: 2024-02-11 06:11:05 <19637> fortidev 6.0.1.0005

6187: 2024-02-11 07:11:08 sslvpnd crashed 3 times. The latest crash was at 2024-02-11 06:11:05.

Crash log interval is 3600 seconds

Max crash log line number: 16384

 

Labels:
1030
0 Kudos
2 REPLIES 2
fricci_FTNT
Staff
Staff

Created on ‎02-12-2024 08:56 AM

Hi @lm21108 ,

 

How often it crashes? Does it affect your traffic/VPN users/performances?
If it affects users connected, I would suggest you to open a ticket with our support so the crash can be investigated further, please.

Best regards,

---
If you have found a useful article or a solution, please like and accept it to make it easily accessible to others.
1007
0 Kudos
lm21108
New Contributor
In response to fricci_FTNT

Created on ‎02-12-2024 09:15 AM

It appears to have come right back up, no users were online (vpn) at that time so not sure about the effect from that standpoint. Only seems to be those 3 isolated events so far.

I will open a ticket though, if this is still an issue it will need to be fixed.

Thanks.

999
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.