FreeBSD-SA-21:14.ggatec : Remote code execution in ggatec(8)
Versions Affected : All versions prior to TrueNAS 12.0-U6
The ggatec(8) daemon does not validate the size of a response before writing it to a fixed-sized buffer. This allows to overwrite the stack of ggatec(8).
A malicious ggated(8) or an attacker in a priviledged network position can overwrite the stack with crafted content and potentially execute arbitrary code.
No workaround is available.
- Upgrade to TrueNAS 12.0-U6 or later.