A new version of Samba, the open source implementation of the SMB/CIFS networking protocol that enables file and print sharing between FreeNAS and Windows, has been released to fix a nine-year-old security vulnerability that allows remote code execution as the “root” user from an anonymous connection.
FreeNAS-8.0.4-RELEASE-p1 has been released with Samba 3.6.4 to address this critical security flaw.
- Samba has been upgraded to 3.6.4 to address CVE-2012-1182, which is a critical vulnerability. All FreeNAS users who are using CIFS are urged to upgrade.
- Create the ldap and nss secret files when LDAP integration is enabled.
- Ensure the configuration database is not world readable.
- Remove failsafe from the PAM group file. This prevents a situation where an empty wheel group allowed any user to su to root.
8.0.4-RELEASE-p1 also contains a GUI enhancement where selecting reboot now causes the screen to turn red during the confirmation dialog, adding emphasis to the fact that this operation will affect availability.
FreeNAS-8.0.4-RELEASE-p1 is now available for immediate download from: https://sourceforge.net/
This update is critical for anyone using FreeNAS with CIFS.