NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
BASH exploit - Shellshock
Hi I have a ReadyNas Ultra 2 and it has version 3.1.17 of BASH installed which has a High risk vulnerability. Can somebody please explain how to patch BASH so that my system is not at risk from...
What is the latest on this? Any official word?
I have 3 systems, an NV+, an ultra 6+, and a 316. All run the latest release software. As best I can tell, all three systems are therefore vulnerable.
I have SSH disabled on all 3 systems; it was previously enabled on the 4.x systems with the enablerootssh plugin, but I ran the togglessh plug in, which seems to have disabled remote shell access. (I assume it stops the sshd process) On the 314, I disabled ssh in frontview.
I will probably load the latest beta firmware releases on my NV+ and Ultra 6+; this apparently fixes the bug. Correct?
What about the 314? I don't wish to install the 6.2.0 firmware since it is a major but non-production release, and cannot be downgraded back to 6.1.9. Should I turn on ssh, and use app-get to update bash as others have suggested? Or, is bash not used on the 314, and thus there is no vulnerability.
Or is simply turning off shell access as I described above sufficient.
I do not have any port forwarding enabled on my router, which should be protection enough, but I'd rather have the extra layer of non-vulnerable NAS boxes.
I have 3 systems, an NV+, an ultra 6+, and a 316. All run the latest release software. As best I can tell, all three systems are therefore vulnerable.
I have SSH disabled on all 3 systems; it was previously enabled on the 4.x systems with the enablerootssh plugin, but I ran the togglessh plug in, which seems to have disabled remote shell access. (I assume it stops the sshd process) On the 314, I disabled ssh in frontview.
I will probably load the latest beta firmware releases on my NV+ and Ultra 6+; this apparently fixes the bug. Correct?
What about the 314? I don't wish to install the 6.2.0 firmware since it is a major but non-production release, and cannot be downgraded back to 6.1.9. Should I turn on ssh, and use app-get to update bash as others have suggested? Or, is bash not used on the 314, and thus there is no vulnerability.
Or is simply turning off shell access as I described above sufficient.
I do not have any port forwarding enabled on my router, which should be protection enough, but I'd rather have the extra layer of non-vulnerable NAS boxes.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
