FreeBSD-EN-20:30.ftpd : ftpd privilege escalation via ftpchroot
Versions Affected : All verisons prior to FreeNAS 11.3-U5
A ftpd(8) bug in the implementation of the file system sandbox, combined with capabilities available to an authenticated FTP user, can be used to escape the file system restriction configured in ftpchroot(5).
A malicious FTP user can gain privileged access to an affected system.
No workaround is available. Systems not running ftpd(8) or not making use of ftpchroot(5) are not affected. Exploitation of the bug requires that a malicious FTP client have login access to the server. Anonymous access is not sufficient.
- Upgrade to FreeNAS 11.3-U5 or later.
- FreeBSD Revision : r365781
- FreeNAS Commit : d7a0d0c
- FreeNAS Commit : 9c87b90
- JIRA Ticket : NAS-107090