BASH exploit - Shellshock | NETGEAR Communities

Aspirant

Sep 25, 2014

Skywarp wrote:
I've had a look myself, and can confirm the vulnerable bash version, however, I haven't found a way to remotely trigger this.
I.e. you need to have SSH access to the box as far as I can see for now.
I'll await the answer from the devs, to see if they have any more information on this.

If you want to be extra safe/paranoid, indeed disable port forwards to your ReadyNAS.

Skywarp wrote:
I've had a look myself, and can confirm the vulnerable bash version, however, I haven't found a way to remotely trigger this. I.e. you need to have SSH access to the box as far as I can see for now. I'll await the answer from the devs, to see if they have any more information on this. If you want to be extra safe/paranoid, indeed disable port forwards to your ReadyNAS.

http://www.troyhunt.com/2014/09/everyth ... about.html

Remote code execution is pretty easy in the general case with this bug because web servers are usually running on bash or bash-derived shells and the CGI spec (http://www.ietf.org/rfc/rfc3875) requires certain information to be exported to the environment -- which under Unix variants is most often done with environment variables. So if you've got the web server port-forwarded and accessible from the outside, you're very likely to be vulnerable.

Jack.

Forum Discussion

BASH exploit - Shellshock

Related Content

PDF Exploit

R7000 buffer overflow exploit patch

Netgear Router Exploit - 10/8/2015

Is ReadyNAS NVX RNDX4000 vulnerable to ShellShock exploit?

bash upgrade

NETGEAR Academy

ProSupport for Business