FreeNAS < 0.7.2 Revision 5543 Command Execution Vulnerability

2010-11-22T00:00:00
ID 5714.PRM
Type nessus
Reporter Tenable
Modified 2019-03-06T00:00:00

Description

The remote host is running FreeNAS, a network-attached storage distribution based on FreeBSD.

Versions of FreeNAS earlier than 0.7.2 Revision 5543 are potentially affected by a remote command execution vulnerability because the application fails to restrict access to the 'exec_raw.php' script. A remote, unauthenticated attacker can pass arbitrary commands through the script's 'cmd' parameter and have them executed with root privileges.

                                        