Get a Quote (408) 943-4100

Commercial Support

TrueNAS.com Software Systems Company Community Security iX Portal Download

Docs Navigation

TrueNAS CORE TrueNAS Enterprise TrueNAS SCALE TrueCommand Help Me Choose FreeNAS

Systems Overview M-Series X-Series R-Series Mini Series

Blog In the News TrueNAS Store iXsystems Careers

TrueNAS GitHub Community Forum Discord TrueNAS Merch Store

Application Asigra TrueNAS Solution Backup Big Data Cloud Multimedia Virtualization

Industry Education Finance Government Healthcare High-Tech Media & Entertainment

Support Documentation TrueNAS Security Blog Case Studies White Papers Solution Briefs iX Portal Plugins & Apps ZFS

Download TrueNAS CORE

Download TrueNAS SCALE

Get TrueNAS Enterprise

ftpd

core

FreeBSD-EN-20:30.ftpd : ftpd privilege escalation via ftpchroot

2020-09-15

Versions Affected : All verisons prior to FreeNAS 11.3-U5

Description

A ftpd(8) bug in the implementation of the file system sandbox, combined with capabilities available to an authenticated FTP user, can be used to escape the file system restriction configured in ftpchroot(5).

A malicious FTP user can gain privileged access to an affected system.

Workaround

No workaround is available. Systems not running ftpd(8) or not making use of ftpchroot(5) are not affected. Exploitation of the bug requires that a malicious FTP client have login access to the server. Anonymous access is not sufficient.

FreeBSD-EN-20:30.ftpd : ftpd privilege escalation via ftpchroot

Description

Workaround

Mitigation

Commit

Further information