Product Security Hub

  • CVEs
  • Errata
  • Articles

CVE-2020-24716 : Insecure Permissions

2020-08-27

Versions Affected : TrueNAS 12.0-BETA1 and 12.0-BETA2

Description

OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permissions for all directories.

Workaround

No workaround is available.

Mitigation

  • Upgrade to 12.0-BETA2.1 or later

Commit

  • Jira Ticket
  • Github Commit
  • Ports Commit

Further information

  • NIST CVE-2020-24716 Entry

Current Products

  • FreeNAS/TrueNAS 11.39
  • FreeNAS/TrueNAS 12.0-U11
  • TrueCommand 1.21
  • TrueNAS 12.027

Categories

  • Contrib9
  • Core27
  • Intel1
  • Linuxkpi1
  • Network1
  • OS20
  • Services7

Tags

  • accept_filter1
  • AD1
  • alias2
  • bhyve2
  • build1
  • callout1
  • caroot1
  • core4
  • crypto1
  • dhclient1
  • FreeBSD48
  • freebsd-update1
  • fs1
  • ftpd1
  • getfsstat1
  • icmp61
  • ipfw2
  • jail3
  • kernel10
  • lldb1
  • microcode1
  • netinte61
  • nmount1
  • ntpd1
  • oce1
  • openssl2
  • pam_login_access1
  • pf1
  • pfctl1
  • rtsold1
  • Samba5
  • sctp1
  • sqlite31
  • ssp1
  • tcp1
  • ure1
  • vm1
  • WebUI1
  • x861
  • xen2
  • zfs1
  • zoneinfo2

Previous Products

  • FreeNAS/TrueNAS 11.015
  • FreeNAS/TrueNAS 11.122
  • FreeNAS/TrueNAS 11.225
  • FreeNAS/TrueNAS 11.329
  • TrueCommand 1.01
  • TrueCommand 1.11
  • TRUENAS
  • IXSYSTEMS
  • IX ACCOUNT SERVICES
  • COMMUNITY
  • SECURITY
  • BLOG
©  iXsystems All Rights Reserved
Distributed under CC BY NC SA 4.0. Copyright and Trademark information can be found here.
Privacy Policy