Home > News > Two Security Alerts for FreeNAS

Two Security Alerts for FreeNAS

August 24th, 2009
Goto comments Leave a comment

The NVD (National Vulnerability Database) has issued two security alerts for FreeNAS.

1. Cross-site scripting (XSS) vulnerability in FreeNAS before 0.69.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

2. Cross-site request forgery (CSRF) vulnerability in the WebGUI in FreeNAS before 0.7RC1 allows remote attackers to hijack the authentication of users for unspecified requests via unknown vectors.

If your FreeNAS is in anyway connected to the Internet it is recommended that you upgrade. If your FreeNAS is on a secure LAN then these issues will probably not affect you.

Related links:

National Vulnerability Database (NVD) National Vulnerability Database (CVE-2009-2739)

National Vulnerability Database (NVD) National Vulnerability Database (CVE-2009-2738)

[Post to Twitter] Tweet This Post  [Post to Delicious] Delicious This Post  [Post to Digg] Digg This Post  [Post to StumbleUpon] Stumble This Post 

admin News

Tweet This Post links powered by Tweet This v1.3.9, a WordPress plugin for Twitter.