SOLVED CVE-2021-4034 (PwnKit) Concern.

Kasazn

Explorer
Joined
Apr 17, 2021
Messages
60

Arwen

MVP
Joined
May 17, 2014
Messages
3,611
Actually it's not concerning at all, if I understand the issue correctly.

In order to use the exploit, you have to be local to the server. In the case of a NAS, normal users would not have login access, only administrators should have access. And admins should already have "root" access. So in this one case, that specific exploit is a non-starter for TrueNAS SCALE.

Edit: I don't mean to imply that it should not be fixed...
 

Kris Moore

SVP of Engineering
Administrator
Moderator
iXsystems
Joined
Nov 12, 2015
Messages
1,471
@Arwen is correct. This is not a remote exploit, requires user to already have access to the NAS, so much lower priority for us at this time. That said, we'll include fixes for it here soon.
 

Kasazn

Explorer
Joined
Apr 17, 2021
Messages
60
OK glad to know from knowledgeable people here! Thanks for the information. :)
 