Get a Quote (408) 943-4100

Commercial Support

TrueNAS.com Software Systems Company Community Security iX Portal Download

Docs Navigation

TrueNAS CORE TrueNAS Enterprise TrueNAS SCALE TrueCommand Help Me Choose FreeNAS

Systems Overview M-Series X-Series R-Series Mini Series

Blog In the News TrueNAS Store iXsystems Careers

TrueNAS GitHub Community Forum Discord TrueNAS Merch Store

Application Asigra TrueNAS Solution Backup Big Data Cloud Multimedia Virtualization

Industry Education Finance Government Healthcare High-Tech Media & Entertainment

Support Documentation TrueNAS Security Blog Case Studies White Papers Solution Briefs iX Portal Plugins & Apps ZFS

Download TrueNAS CORE

Download TrueNAS SCALE

Get TrueNAS Enterprise

FreeBSD tcp

FreeBSD-SA-20:04.tcp : TCP IPv6 SYN cache kernel disclosure

2020-03-19

Versions Affected : All verisons prior to FreeNAS 11.3-U2

Description

When a TCP server transmits or retransmits a TCP SYN-ACK segment over IPv6, the Traffic Class field is not initialized.

This also applies to challenge ACK segments, which are sent in response to received RST segments during the TCP connection setup phase. For each TCP SYN-ACK (or challenge TCP-ACK) segment sent over IPv6, one byte of kernel memory is transmitted over the network.

Workaround

No workaround is available. Systems not using IPv6 are unaffected.

Mitigation

Upgrade to FreeNAS 11.3-U2 or later.

Commit

FreeBSD Revision : r359138
FreeNAS Commit : e2c538a [If exists] + JIRA Ticket : NAS-105479](https://jira.ixsystems.com/browse/NAS-105479)

Further information

FreeBSD Errata Entry