Get a Quote (408) 943-4100

Commercial Support

TrueNAS.com Software Systems Company Community Security iX Portal Download

Docs Navigation

TrueNAS CORE TrueNAS Enterprise TrueNAS SCALE TrueCommand Help Me Choose FreeNAS

Systems Overview M-Series X-Series R-Series Mini Series

Blog In the News TrueNAS Store iXsystems Careers

TrueNAS GitHub Community Forum Discord TrueNAS Merch Store

Application Asigra TrueNAS Solution Backup Big Data Cloud Multimedia Virtualization

Industry Education Finance Government Healthcare High-Tech Media & Entertainment

Support Documentation TrueNAS Security Blog Case Studies White Papers Solution Briefs iX Portal Plugins & Apps ZFS

Download TrueNAS CORE

Download TrueNAS SCALE

Get TrueNAS Enterprise

Samba

Services CVE

CVE-2019-3880 : Samba RPC Endpoint Emulation

2019-04-09

Versions Affected : All versions prior to FreeNAS 11.2-U4

Description

A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API.

An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable.

Workaround

No workaround is available, but dynamically linked binaries are not affected.

Mitigation

Upgrade to FreeNAS 11.2-U4 or later

Commit

Further information

NIST CVE-2019-3880 Entry