Home > News > Two Security Alerts for FreeNAS

Two Security Alerts for FreeNAS

The NVD (National Vulnerability Database) has issued two security alerts for FreeNAS.

1. Cross-site scripting (XSS) vulnerability in FreeNAS before 0.69.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

2. Cross-site request forgery (CSRF) vulnerability in the WebGUI in FreeNAS before 0.7RC1 allows remote attackers to hijack the authentication of users for unspecified requests via unknown vectors.

If your FreeNAS is in anyway connected to the Internet it is recommended that you upgrade. If your FreeNAS is on a secure LAN then these issues will probably not affect you.

Related links:

National Vulnerability Database (NVD) National Vulnerability Database (CVE-2009-2739)

National Vulnerability Database (NVD) National Vulnerability Database (CVE-2009-2738)

Categories: News Tags:

CommentLuv badge

Twitter links powered by Tweet This v1.8.3, a WordPress plugin for Twitter.