
FreeNAS < 0.7.2 Revision 5543 Command Execution Vulnerability

High

Synopsis

A web application on the remote host is affected by an arbitrary command execution vulnerability.

Description

The remote host is running FreeNAS, a network attached storage distribution based on FreeBSD.

Versions of FreeNAS earlier than 0.7.2 Revision 5543 are potentially affected by a remote command execution vulnerability because the application fails to restrict access to the 'exec_raw.php' script. A remote, unauthenticated attacker can pass arbitrary commands through the script's 'cmd' parameter and have them executed with root privileges.
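To check whether the script described above has already been requested on a host, the following added example (not part of the original advisory or of FreeNAS) scans web server access logs for any request to 'exec_raw.php' and reports the decoded 'cmd' value when it appears in the query string. It assumes Common/Combined Log Format; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed log layout: Common/Combined Log Format, one request per line.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

SCRIPT = "exec_raw.php"  # script named in the advisory


def find_exec_raw_requests(lines):
    """Return one record per logged request whose path ends in exec_raw.php."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        url = urlsplit(m["target"])
        # Compare only the final path segment, case-insensitively, so the
        # name appearing inside another URL's query string is ignored.
        if url.path.rsplit("/", 1)[-1].lower() != SCRIPT:
            continue
        # parse_qs URL-decodes values. Request bodies are not logged, so a
        # missing 'cmd' on a POST does not mean no command was sent.
        cmd = parse_qs(url.query, keep_blank_values=True).get("cmd", [None])[0]
        hits.append({
            "client": m["client"],
            "time": m["time"],
            "method": m["method"],
            "status": int(m["status"]),
            "cmd": cmd,
        })
    return hits


# Constructed sample lines (documentation addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Dec/2010:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Dec/2010:10:02:13 +0000] "GET /exec_raw.php?cmd=uname%20-a HTTP/1.1" 200 87',
    '198.51.100.7 - - [01/Dec/2010:10:02:40 +0000] "POST /exec_raw.php HTTP/1.1" 200 312',
    '192.0.2.10 - - [01/Dec/2010:10:05:00 +0000] "GET /search.php?q=exec_raw.php HTTP/1.1" 404 345',
]

if __name__ == "__main__":
    for hit in find_exec_raw_requests(SAMPLE_LOG):
        print(hit)
```

Any hit on an affected version warrants review of the host, since the advisory states the script runs commands as root without authentication.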

Solution

Upgrade to FreeNAS 0.7.2 Revision 5543 or later.