Versions Affected : All versions prior to TrueNAS 12.0-U2 Description A serious heap-based buffer overflow has been discovered in sudo that is exploitable by any local user. It has been given the name Baron Samedit by its discoverer. The bug can be leveraged to elevate privileges to root, even if the user is not listed in the sudoers file. User authentication is not required to exploit the bug.
Versions Affected : TrueNAS 12.0-BETA1 and 12.0-BETA2 Description OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group permissions as user permissions, as demonstrated by mode 0770 being equivalent to mode 0777 Workaround No workaround is available. Mitigation Upgrade to 12.0-BETA2.1 or later Commit Jira Ticket Github Commit Ports Commit Further information NIST CVE-2020-24717 Entry
Versions Affected : TrueNAS 12.0-BETA1 and 12.0-BETA2 Description OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permissions for all directories. Workaround No workaround is available. Mitigation Upgrade to 12.0-BETA2.1 or later Commit Jira Ticket Github Commit Ports Commit Further information NIST CVE-2020-24716 Entry
Versions Affected : All verisons prior to FreeNAS/TrueNAS 11.2-u8 Description An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before 11.2-u8 and 11.3 before 11.3-u1. It allows a denial of service. The login authentication component has no limits on the length of an authentication message or the rate at which such messages are sent. Workaround No workaround is available. Mitigation Upgrade to FreeNAS/TrueNAS 11.
Versions Affected : All verisons prior to FreeNAS/TrueNAS 11.2-U8
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with “log level = 3” (or above) then the string obtained from the client, after a failed character conversion, is printed.
Versions Affected : All versions prior to FreeNAS 11.2-U8
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable.
Versions Affected : All versions prior to FreeNAS 11.2-U8
An authenticated user can crash the DCE/RPC DNS management server by creating records matching the zone name in different case spelling.
Versions Affected : All versions prior to FreeNAS 11.2-U6
A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file.
Versions Affected : All versions prior to FreeNAS 11.2-U4
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API.