Versions Affected: All versions prior to FreeNAS 11.3-U3.2


Description

The FTP packet handler in libalias incorrectly calculates some packet lengths.

A malicious attacker could send specially constructed packets that exploit the erroneous calculation, allowing the attacker to disclose small amounts of memory either from the kernel (for the in-kernel NAT implementation) or from the process space for natd (for the userspace implementation).


Workaround

No workaround is available.


Mitigation

  • Upgrade to FreeNAS 11.3-U3.2 or later.

Commit


Further information