Get a Quote (408) 943-4100

Commercial Support

TrueNAS.com Software Systems Company Community Security iX Portal Download

Docs Navigation

TrueNAS CORE TrueNAS Enterprise TrueNAS SCALE TrueCommand Help Me Choose FreeNAS

Systems Overview M-Series X-Series R-Series Mini Series

Blog In the News TrueNAS Store iXsystems Careers

TrueNAS GitHub Community Forum Discord TrueNAS Merch Store

Application Asigra TrueNAS Solution Backup Big Data Cloud Multimedia Virtualization

Industry Education Finance Government Healthcare High-Tech Media & Entertainment

Support Documentation TrueNAS Security Blog Case Studies White Papers Solution Briefs iX Portal Plugins & Apps ZFS

Download TrueNAS CORE

Download TrueNAS SCALE

Get TrueNAS Enterprise

CVE

CVE-2022-32742 : samba - Server memory information leak via SMB1

2021-11-09

Versions Affected : All versions prior to TrueNAS Core 13.0-U2 and TrueNAS SCALE 22.02.3

Description

All versions of Samba with SMB1 enabled are vulnerable to a server memory information leak bug over SMB1 if a client can write data to a share.

Some SMB1 write requests were not correctly range checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client supplied data. The client cannot control the area of the server memory that is written to the file (or printer)

CVSS

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Base score 4.3

Workaround

Disable SMB1 if in use. Systems that do not use SMB1 are not vulnerable.

Mitigation

Upgrade to TrueNAS SCALE 13.0-U2 or TrueNAS SCALE 22.02.3 or later

Commit

Further information