FreeBSD-SA-20:13.libalias : Memory disclosure vulnerability
Versions Affected : All versions prior to FreeNAS 11.3-U3.2
Description
The FTP packet handler in libalias incorrectly calculates some packet lengths.
A malicious attacker could send specially constructed packets that exploit the erroneous calculation, disclosing small amounts of memory either from the kernel (for the in-kernel NAT implementation) or from the process space for natd (for the userspace implementation).
Workaround
No workaround is available.
Mitigation
- Upgrade to FreeNAS 11.3-U3.2 or later.