BASH exploit - Shellshock

mdgm wrote:

schmitzm wrote: I'm probably running a rather dated version of RAIDiator on our NAS - can't check the version since I shut down frontview pretty much first thing when the news broke. Are there any update prerequisites for the current betas - i.e. requirement for a minimum release level? What model do you have? There shouldn't be an issue. Of course it is a good idea to ensure you have an up to date backup first. There is a very low chance that this vulnerability would be exploited especially if you don't forward ports to the NAS. That's not to say there isn't a way, but we haven't found any. However if you are concerned I would turn off port forwards until after updating to the beta with the patch (or a newer release)

My model is a NV+ (v1), firmware 4.1.4. Just saw the beta firmware installed OK on another of that kind - good to know. Backups are reasonably current but I'll make sure to sync everything up again before an upgrade. A bit of a worry is the tedious fsck I'm almost certainly facing on next reboot.

Port forwarding or not is not the issue - having the NAS exposed to a large untrusted internal network is what worries me most. I've added access controls in /etc/apache/frontview/httpd.conf and disabled anything I don't need for now.

You can probably guess that I have enabled ssh access on my NAS - will this be retained on upgrade? Is the enablerootssh addon still available for this firmware?

One last one - is the beta firmware patched to include the upstream patch bash205b-009 or bash205b-010?

Thanks for your help and encouragement!