skilke
Sep 25, 2014 (Aspirant)
BASH exploit - Shellshock
Hi, I have a ReadyNAS Ultra 2 and it has version 3.1.17 of BASH installed, which has a high-risk vulnerability. Can somebody please explain how to patch BASH so that my system is not at risk from...
egeek
Sep 29, 2014 (Aspirant)
I have confirmed my NV+ (SPARC) is vulnerable when you visit the shares URL (but not the admin URL). You can test this by modifying the User-Agent string in a browser with some of the code required to exploit vulnerable bash. In this case I used a simple ping command to do it and watched the target machine using tcpdump.
User-Agent: () { :; }; /bin/bash -c "ping -c 5 [ip address]"
I also modified the string to spawn a netcat session back to a listener (reverse shell). Netcat is not installed by default, so that did not work. So as an experiment I installed it and found that the default SPARC Debian package includes the -e option for netcat, which made it trivial to open a shell with a fairly simple modification to the User-Agent string.
I tried to update packages and install a newer bash, but I think that the SPARC Debian packages are not updated yet.
:~# bash -version
GNU bash, version 2.05b.0(1)-release (sparc-unknown-linux-gnu)
Copyright (C) 2002 Free Software Foundation, Inc.
That's all I have done to test this so far.....
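A defensive follow-up to the test described in the post above, added here as an example and not part of the original thread: a scan of web server access logs for requests carrying the `() {` function-definition prefix in the request line, Referer or User-Agent. It assumes Apache "combined" log format; the sample lines, addresses and the `/shares/` and `/admin/` paths are constructed placeholders.

```python
import re

# Apache "combined" format. Quoted fields may hold backslash-escaped quotes,
# which is how Apache logs a header value that itself contains '"'.
LINE_RE = re.compile(
    r'(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"'
)

# An exported bash function definition begins with "() {"; the amount of
# whitespace between the tokens varies between probes.
FUNC_DEF_RE = re.compile(r'\(\)\s*\{')

# Constructed sample input (documentation address ranges, placeholder paths).
SAMPLE_LOG = [
    '192.0.2.44 - - [29/Sep/2014:10:01:02 +0000] "GET /shares/ HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [29/Sep/2014:10:03:15 +0000] "GET /shares/ HTTP/1.1" '
    '200 512 "-" "() { :; }; /bin/bash -c \\"ping -c 5 192.0.2.10\\""',
    '203.0.113.9 - - [29/Sep/2014:10:04:40 +0000] "GET /admin/ HTTP/1.1" '
    '401 128 "() { :; }; :" "curl/7.38.0"',
]


def find_function_def_headers(lines):
    """Return one record per logged field that contains a '() {' prefix."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if m is None:
            # Unparseable line: fall back to the raw text so it is not skipped.
            if FUNC_DEF_RE.search(line):
                hits.append({"line": lineno, "src": None, "field": "raw",
                             "request": None, "status": None})
            continue
        for field in ("request", "referer", "agent"):
            if FUNC_DEF_RE.search(m.group(field)):
                hits.append({"line": lineno, "src": m.group("src"),
                             "field": field, "request": m.group("request"),
                             "status": int(m.group("status"))})
    return hits


if __name__ == "__main__":
    for hit in find_function_def_headers(SAMPLE_LOG):
        print(hit)
```

A hit shows only that a request carried the pattern; whether bash on the device acted on it still depends on the installed bash version and on which URL handlers invoke a shell.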