CVE-2020-7041

NameCVE-2020-7041
DescriptionAn issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
openfortivpn (PTS)buster1.8.1-1vulnerable
bullseye1.15.0-1fixed
bookworm1.19.0-2fixed
sid, trixie1.22.1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
openfortivpnsource(unstable)1.12.0-1

Notes

[buster] - openfortivpn <no-dsa> (Minor issue)
https://github.com/adrienverge/openfortivpn/issues/536
https://github.com/adrienverge/openfortivpn/commit/60660e00b80bad0fadcf39aee86f6f8756c94f91

Search for package or bug name: Reporting problems