Fortinet follows Cisco in confirming Shadow Broker vuln

Versions after August 2012 are in the clear


Whatever the source and whoever the backers, evidence is mounting that the Shadow Brokers vuln-dump is real: Fortinet has followed Cisco in confirming its place on the list.

Cisco's confirmation said the EPICBANANA and EXTRABACON vulns listed in the drop were real. It had fixed one in 2011, and the other, a new SNMP bug, is on the to-do list with Snort rules providing temporary protection.

Fortinet's advisory has now landed, adding yet more credence to the dump.

Fortinet's vulnerability only exists in pre-August 2012 versions of its FortiGate firmware. Versions 4.3.8 and below; 4.2.12 and below; and 4.1.10 and below are affected by the cookie parser buffer overflow. Versions 5.x are not affected.

“This vulnerability, when exploited by a crafted HTTP request, can result in execution control being taken over”, the advisory says. If a product can support 5.x firmware, that should be installed; if not, version 4.3.9 or above also fixes it.

Kaspersky Lab had already confirmed to El Reg that the archive seemed genuine, but old – it was apparently collected some time in 2013.

That puts the collection of the archive before the White House's 2014 statement that it would quit hoarding vulns unless the NSA could convince it they were vital for intelligence-gathering.

Although the Electronic Frontier Foundation sued the agency in 2014 in the belief it was still keeping zero-days to itself, earlier this month, Columbia University researcher Jason Healey claimed the total number in the hoard these days is around 50. ®

