NAME:WRECK Vulnerability Status

On April 15th, 2021 the US Cyber Security & Infrastructure Security Agency released an alert about a set of nine vulnerabilities referred to as NAME:WRECK. Full Announcement by Forescout Research Labs can be viewed from Forescout Forescout Research Labs’ report states that FreeBSD 12.1 is vulnerable. FreeBSD patched this vulnerability and released a notice on 2020-09-02. FreeBSD Security Advisory : FreeBSD-SA-20:26.dhclient The TrueNAS security errata for this patch is posted here.

FreeBSD-SA-20:32.rtsold : Multiple vulnerabilities in rtsold

Versions Affected : All versions prior to TrueNAS 12.0-U1

Description

Two bugs exist in rtsold(8)’s RDNSS and DNSSL option handling.

FreeBSD-SA-20:31.icmp6 : ICMPv6 use-after-free error

Versions Affected : All versions prior to TrueNAS 12.0-U1

Description

When an ICMPv6 error message is received, the FreeBSD ICMPv6 stack may extract information from the message to hand to upper-layer protocols.

FreeBSD-EN-20:20.tzdata : Timezone database information update

Versions Affected : All versions prior to TrueNAS 12.0-U1

Description

Several changes in Daylight Saving Time happened after previous FreeBSD releases were released that would affect many people who live in different parts of the world.

FreeBSD-EN-20:30.ftpd : ftpd privilege escalation via ftpchroot

Versions Affected : All verisons prior to FreeNAS 11.3-U5

Description

A ftpd(8) bug in the implementation of the file system sandbox, combined with capabilities available to an authenticated FTP user, can be used to escape the file system restriction configured in ftpchroot(5).

FreeBSD-EN-20:29.bhyve_svm : bhyve SVM guest escape

Versions Affected : All verisons prior to FreeNAS 11.3-U5

Description

A number of AMD virtualization instructions operate on host physical addresses, are not subject to nested page table translation, and guest use of these instructions was not trapped.

FreeBSD-EN-20:28.bhyve_vmcs : bhyve privilege escalation

Versions Affected : All verisons prior to FreeNAS 11.3-U5

Description

Insufficient access controls (VMCS) allow root users, including those running in a jail, to change these data structures.

FreeBSD-EN-20:27.ure : ure packet-in-packet attack

Versions Affected : All verisons prior to FreeNAS 11.3-U5

Description

A programming error in the ure(4) device driver caused some Realtek USB Ethernet interfaces to incorrectly report packets with more than 2048 bytes in a single USB transfer as having a length of only 2048 bytes.

FreeBSD-SA-20:26.dhclient : dhclient heap overflow

Versions Affected : All verisons prior to FreeNAS 11.3-U5

Description

dhclient(8) is the default IPv4 DHCP client used on FreeBSD. It is responsible for contacting DHCP servers on a network segment, and for initializing and configuring network interfaces and configuring name resolution based on received information.

FreeBSD-SA-20:25.sctp : SCTP socket use-after-free bug

Versions Affected : All verisons prior to FreeNAS 11.3-U5

Description

The Stream Control Transmission Protocol (SCTP) is a message oriented transport protocol supporting arbitrary large user messages. It can be accessed from applications by using the the socket API.

FreeBSD-SA-20:24.ipv6 : IPv6 Hop-by-Hop options use-after-free bug

Versions Affected : All verisons prior to FreeNAS 11.3-U5

Description

IPv6 is a network layer supporting Hop-by-Hop options, which can be sent by applications via the socket API. The memory management for packet handling is done using mbufs.

FreeBSD-EN-20:18.getfsstat : getfsstat compatibility system call panic

Versions Affected : All verisons prior to FreeNAS 11.3-U5

Description

getfsstat(2) is a system call which provides information about mounted filesystems. The kernel provides compatibility system calls for old versions of the interface.

FreeBSD-EN-20:17.linuxthread : FreeBSD Linux ABI kernel panic

Versions Affected : All verisons prior to FreeNAS 11.3-U5

Description

The Linux ABI layer (Linuxulator) allows Linux binaries to be executed on a FreeBSD kernel.

FreeBSD-SA-20:23.sendmsg : sendmsg(2) privilege escalation

Versions Affected : All verisons prior to FreeNAS 11.3-U4.1

Description

When handling a 32-bit sendmsg(2) call, the compat32 subsystem copies the control message to be transmitted (if any) into kernel memory, and adjusts alignment of control message headers.

FreeBSD-SA-20:22.sqlite : Multiple vulnerabilities in sqlite3

Versions Affected : All verisons prior to FreeNAS 11.3-U4.1

Description

Malicious SQL statements could crash, hijack processes, or cause data corruption.

FreeBSD-SA-20:21.usb : Potential memory corruption in USB network device drivers

Versions Affected : All verisons prior to FreeNAS 11.3-U4.1

Description

A missing length validation code common to these three drivers means that a malicious USB device could write beyond the end of an allocated network packet buffer.

FreeBSD-SA-20:20.ipv6 : IPv6 socket option race condition

Versions Affected : All verisons prior to FreeNAS 11.3-U3.2

Description

The IPV6_2292PKTOPTIONS set handler was missing synchronization, so racing accesses could modify freed memory.

FreeBSD-SA-20:19.unbound : Multiple vulnerabilities in unbound

Versions Affected : All verisons prior to FreeNAS 11.3-U3.2

Description

Malformed answers from upstream name servers can send Unbound into an infinite loop, resulting in denial of service.

FreeBSD-EN-20:15.mps : Kernel panic in mps(4) driver

Versions Affected : All verisons prior to FreeNAS 11.3-U3.2

Description

mps(4) implements a pass-through interface which allows privileged user processes to submit commands directly to disks behind the controller.

FreeBSD-EN-20:14.linuxkpi : Kernel panic in LinuxKPI

Versions Affected : All verisons prior to FreeNAS 11.3-U3.2

Description

A bug in one of the LinuxKPI subroutines could cause a kernel panic.

FreeBSD-SA-20:17.usb : USB HID descriptor parsing error

Versions Affected : All verisons prior to FreeNAS 11.3-U?

Description

USB Human Interface Device (HID) descriptors may push/pop the current state to allow description of items residing in a so-called union.

FreeBSD-SA-20:15.cryptodev : Use after free in cryptodev

Versions Affected : All verisons prior to FreeNAS 11.3-U3.2

Description

A race condition permitted a data structure in the kernel to be used after it was freed by the cryptodev module.

FreeBSD-SA-20:14.sctp : Fix improper checking in SCTP-AUTH

Versions Affected : All verisons prior to 11.3-U3.2

Description

The SCTP layer does improper checking when an application tries to update a shared key.

FreeBSD-SA-20:13.libalias : Memory disclosure vulnerability

Versions Affected : All verisons prior to FreeNAS 11.3-U3.2

Description

The FTP packet handler in libalias incorrectly calculates some packet lengths.

FreeBSD-SA-20:12.libalias : Insufficient packet length validation

Versions Affected : All verisons prior to FreeNAS 11.3-U3.2

Description

libalias(3) packet handlers do not properly validate the packet length before accessing the protocol headers.

FreeBSD-EN-20:10.build : incorrect Clang version detection

Versions Affected : All verisons prior to FreeNAS 11.3-U3.2

Description

The Clang and LLD version detection accepted only versions matching the shell glob pattern [1-9].[0-9]*, which notably does not include 10.0. The build then proceeded as if the compiler or linker version was 0.0.

FreeBSD-SA-20:10.ipfw : ipfw invalid mbuf handling

Versions Affected : All verisons prior to FreeNAS 11.3-U2.1 Description Incomplete packet data validation may result in accessing out-of-bounds memory (CVE-2019-5614) or may access memory after it has been freed (CVE-2019-15874). Workaround No workaround is available. Systems not using the ipfw firewall are not vulnerable. Mitigation Upgrade to FreeNAS 11.3-U3.2 or later Commit FreeBSD Revision : r360149 FreeNAS Commit : 6911f08 Jira Ticket : NAS-105837 Further information FreeBSD Errata Entry

FreeBSD-SA-20:07.quotad : Regression in rpc.rquotad

Versions Affected : All verisons prior to FreeNAS 11.3-U2.1

Description

A change in rpc.rquotad made it send RQUOTA v2 requests instead of RQUOTA v1 requests.

End of Life Statement for TrueNAS 11.3

TrueNAS 11.3-STABLE has reached its End of Life and is no longer receiving security updates. The TrueNAS 12.0 release announcment can be found here: https://www.truenas.com/docs/hub/intro/release-notes/tn-12_0-release/ Please schedule a time to upgrade to TrueNAS 12.0-U1, if assistance is required please contact the iXsystems Support Team.

TrueNAS Software Development Life Cycle

TrueNAS Software Development Life Cycle The TrueNAS (and FreeNAS) software development life cycle (SDLC) is the process for planning, creating, testing, deploying, and maintaining FreeNAS and TrueNAS releases. In TrueNAS there are five stages to the SDLC: requirement analysis, design and development, testing and evaluation, documentation, and maintenance. Requirement analysis: Determine the objectives, nature, and scope of future versions of the software. This involves gathering feedback and interpreting customer needs and requirements, diagnosing existing problems, and weighing the pros and cons of potential solutions.