Platform
freebsd
Component
truenas-core
Fixed in
13.3.1
CVE-2024-11944 describes a Remote Code Execution (RCE) vulnerability in iXsystems TrueNAS CORE, specifically affecting versions 13.3-RELEASE–13.3-RELEASE. This flaw stems from insufficient path validation within the tarfile.extractall method, allowing attackers to potentially execute arbitrary code on vulnerable systems. The vulnerability is particularly concerning as it requires no authentication to exploit, posing a significant risk to TrueNAS deployments.
The impact of CVE-2024-11944 is severe. Successful exploitation allows an attacker to gain complete control over the affected TrueNAS CORE system, effectively achieving root access. This can lead to data breaches, system corruption, and the installation of malicious software. Given the lack of authentication required, the vulnerability is easily exploitable from any network-connected device. The ability to execute code as root grants the attacker the highest level of privileges, enabling them to compromise the entire storage infrastructure and potentially pivot to other systems on the network. This vulnerability shares similarities with other directory traversal exploits where attackers leverage insufficient input validation to gain unauthorized access and execute commands.
CVE-2024-11944 was publicly disclosed on December 30, 2024. The vulnerability is considered to have a medium probability of exploitation due to its ease of exploitation and the widespread use of TrueNAS CORE. Public proof-of-concept (PoC) code is likely to emerge, further increasing the risk. This vulnerability is tracked by CISA and may be added to the KEV catalog. Refer to the iXsystems advisory for further details.
Organizations heavily reliant on TrueNAS CORE for data storage and management are at significant risk. This includes small to medium-sized businesses (SMBs) and enterprises utilizing TrueNAS for file sharing, backups, and virtual machine hosting. Shared hosting environments using TrueNAS are particularly vulnerable due to the potential for cross-tenant exploitation.
• freebsd / server: journalctl -u zed -g 'tarfile.extractall'
• freebsd / server: find /usr/local -type f -mtime -1 -print
• generic web: curl -I http://<truenas_ip>/path/to/malicious/file.tar.gz
• generic web: grep -i 'tarfile.extractall' /var/log/nginx/access.log
Disclosure
Exploit status
EPSS
2.41% (85th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-11944 is to upgrade to a patched version of TrueNAS CORE as soon as possible. Until the upgrade can be performed, restrict network access to the TrueNAS CORE system to only trusted sources. Implement strict firewall rules to limit inbound connections. Monitor system logs for any suspicious activity, particularly attempts to access or manipulate files within the /usr/local/ directory. Consider using a Web Application Firewall (WAF) to filter out malicious requests targeting the vulnerable endpoint. After upgrading, verify the fix by attempting to extract a tar archive with a specially crafted path designed to trigger the directory traversal vulnerability; the extraction should fail with an error indicating insufficient permissions.
Update TrueNAS CORE to a version later than 13.3-RELEASE that contains the fix for this vulnerability. See the TrueNAS release notes for further details.
CVE-2024-11944 is a Remote Code Execution vulnerability in TrueNAS CORE versions 13.3-RELEASE–13.3-RELEASE. It allows attackers to execute arbitrary code due to a flaw in the tarfile.extractall function.
If you are running TrueNAS CORE 13.3-RELEASE–13.3-RELEASE, you are potentially affected. Upgrade to a patched version as soon as possible.
The recommended fix is to upgrade to a patched version of TrueNAS CORE. Monitor iXsystems' website for updates and follow their instructions carefully.
While there are no confirmed reports of active exploitation at this time, the vulnerability's severity and ease of exploitation suggest a high likelihood of future attacks.
Refer to the iXsystems security advisory page for the latest information and updates regarding CVE-2024-11944: https://www.ixsystems.com/security-advisories/