SNS Advisory No.101
FreeNAS Cross-Site Scripting Vulnerability
Discovered on: 21 Apr 2009
Released on: 5 Aug 2009
Severity:
Low
Overview:
FreeNAS has a cross-site scripting vulnerability that could allow attackers to execute arbitrary script code in the user's Web browser.
Description:
FreeNAS is an open-source operating system optimized for file servers, with a Web-based user interface that provides administrative functions.
FreeNAS has a cross-site scripting vulnerability. Exploitation of the vulnerability could allow attackers to execute arbitrary script code in the user's Web browser. Due to this vulnerability, the user could be tricked into executing unintended operations.
Also, this vulnerability could be exploited in combination with other existing vulnerabilities.
Affected Products and Versions:
FreeNAS 0.69.1 and earlier
Solution:
Download the fixed version of the software released by the developer and update it.
http://www.freenas.org/index.php?option=com_frontpage&Itemid=22
Discovered by:
Hiroyuki Shinshiba (LAC)
Thanks to:
This LAC Advisory is released in coordination with Information-technology Promotion Agency, Japan (IPA) and Japan Computer Emergency Response Team Coordination Center (JPCERT/CC).
http://jvn.jp/jp/JVN89791790/
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000052.html
Disclaimer:
The information contained in this advisory may be revised without prior notice and is provided as is. Users shall take their own risk when taking any actions following reading this advisory. Little eArth Corporation Co., Ltd. shall not be held responsible for any claims, losses or damages caused by the use of information provided here.
This advisory is available at the following URL:
http://www.lac.co.jp/english/advisory/101_e.html

