Versions Affected : All versions prior to TrueNAS Core 13.0-U3
There is a limited write heap buffer overflow in the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal (included in Samba).
Versions Affected : All versions prior to TrueNAS Core 12.0-U8.1.
To verify if a system isvulnerable, run afpd -v. Systems with a version string that is not 3.1.13 or newer are vulnerable.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability.
Versions Affected : All versions prior to TrueNAS Core 12.0-U8.1
To verify if a system isvulnerable, run afpd -v. Systems with a version string that is not 3.1.13 or newer are vulnerable.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability.
Versions Affected : All versions prior to TrueNAS Core 12.0-U8.1
To verify if a system isvulnerable, run afpd -v. Systems with a version string that is not 3.1.13 or newer are vulnerable.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability.
Versions Affected : All versions prior to TrueNAS Core 12.0-U8.1
To verify if a system isvulnerable, run afpd -v. Systems with a version string that is not 3.1.13 or newer are vulnerable.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability.
Versions Affected : All versions prior to TrueNAS Core 12.0-U8.1
To verify if a system isvulnerable, run afpd -v. Systems with a version string that is not 3.1.13 or newer are vulnerable.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability.
Versions Affected : All versions prior to TrueNAS Core 12.0-U8.1
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability.
Versions Affected : All SCALE versions prior to TrueNAS SCALE 22.02.0.1. All CORE versions priot to TrueNAS CORE 12.0-U8.1
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli.
Versions Affected : All versions prior to TrueNAS SCALE 22.02.0.1. Description Non-transparent sharing of branch predictor within a context in some Intel® Processors may allow an authorized user to potentially enable information disclosure via local access. CVSS CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Base score 4.7. Workaround No workarounds available Mitigation Intel recommends that affected Intel® Processors disable access to managed runtimes in privileged modes to help prevent managed runtimes from being used as disclosure gadgets, such as unprivileged Extended Berkeley packet filter (eBPF) in kernel mode.
Versions Affected : All versions prior to TrueNAS SCALE 22.02.0.1. Description Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. CVSS CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Base score 4.7. Workaround No workarounds available Mitigation Intel recommends that affected Intel® Processors disable access to managed runtimes in privileged modes to help prevent managed runtimes from being used as disclosure gadgets, such as unprivileged Extended Berkeley packet filter (eBPF) in kernel mode.
Versions Affected : All versions prior to TrueNAS SCALE 22.02.0.1. Versions Not Affected : TrueNAS CORE is not vulnerable.
A flaw was found in the way the “flags” member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values.
Versions Affected : All versions prior to TrueNAS Core 12.0-U8 and SCALE 22.02 where:
All versions of Samba prior to 4.13.17 or 4.15.5 are vulnerable to an out-of-bounds heap read write vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit.
Versions Affected : All versions prior to TrueNAS Core 12.0-U8.
Versions Not Affected : TrueNAS SCALE is not vulnerable.
All versions of Samba prior to 4.15.0 are vulnerable to a malicious client using an SMB1 or NFS symlink race to allow filesystem metadata to be accessed in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed.
Versions Affected : All versions prior to TrueNAS Core 13.0-U2 and TrueNAS SCALE 22.02.3
All versions of Samba with SMB1 enabled are vulnerable to a server memory information leak bug over SMB1 if a client can write data to a share.
Versions Affected : All versions prior to TrueNAS 12.0-U6.1 and SCALE 22.02-RC.1-2
Samba will attempt to find a user “DOMAIN\user” before falling back to trying to find the user “user”. If the DOMAIN\user lookup can be made to fail, then a privilege escalation is possible.
Versions Affected : All versions prior to TrueNAS 12.0-U6.1 and SCALE 22.02-RC.1-2
If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements.
Versions Affected : All versions prior to SCALE 22.02-RC.1-2
A man in the middle attack can force the client side SMB1 code to fall-back to plaintext or NTLM based authentication even if Kerberos authentication was requested by the user or application.
Versions Affected : All versions prior to TrueNAS 12.0-U3.1
Negative idmap cache entries can cause incorrect group entries in the Samba file server process token.
Versions Affected : All versions prior to TrueNAS 12.0-U3.1
OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
Versions Affected : All versions prior to TrueNAS 12.0-U2 Description A serious heap-based buffer overflow has been discovered in sudo that is exploitable by any local user. It has been given the name Baron Samedit by its discoverer. The bug can be leveraged to elevate privileges to root, even if the user is not listed in the sudoers file. User authentication is not required to exploit the bug.
Versions Affected : TrueNAS 12.0-BETA1 and 12.0-BETA2 Description OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group permissions as user permissions, as demonstrated by mode 0770 being equivalent to mode 0777 Workaround No workaround is available. Mitigation Upgrade to 12.0-BETA2.1 or later Commit Jira Ticket Github Commit Ports Commit Further information NIST CVE-2020-24717 Entry
Versions Affected : TrueNAS 12.0-BETA1 and 12.0-BETA2 Description OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permissions for all directories. Workaround No workaround is available. Mitigation Upgrade to 12.0-BETA2.1 or later Commit Jira Ticket Github Commit Ports Commit Further information NIST CVE-2020-24716 Entry
Versions Affected : All verisons prior to FreeNAS/TrueNAS 11.2-u8 Description An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before 11.2-u8 and 11.3 before 11.3-u1. It allows a denial of service. The login authentication component has no limits on the length of an authentication message or the rate at which such messages are sent. Workaround No workaround is available. Mitigation Upgrade to FreeNAS/TrueNAS 11.
Versions Affected : All verisons prior to FreeNAS/TrueNAS 11.2-U8
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with “log level = 3” (or above) then the string obtained from the client, after a failed character conversion, is printed.
Versions Affected : All versions prior to FreeNAS 11.2-U8
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable.
Versions Affected : All versions prior to FreeNAS 11.2-U8
An authenticated user can crash the DCE/RPC DNS management server by creating records matching the zone name in different case spelling.
Versions Affected : All versions prior to FreeNAS 11.2-U6
A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file.
Versions Affected : All versions prior to FreeNAS 11.2-U4
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API.
Download TrueNAS CORE
Download TrueNAS SCALE
Get TrueNAS Enterprise