skilke
Sep 25, 2014 Aspirant
BASH exploit - Shellshock
Hi, I have a ReadyNAS Ultra 2, and it has version 3.1.17 of BASH installed, which has a high-risk vulnerability. Can somebody please explain how to patch BASH so that my system is not at risk from...
Tricky_Dicky1
Sep 29, 2014 Tutor
I've patched my NV+ v1 (sparc) using the local install of the 4.1.14-T5 firmware image, but this only includes the fixes for the earliest bugs discovered in bash ... there are now 27 patches rather than 25 patches to bash v4.3 since this thread began, as these last 2 patches address things that were only identified and rectified over Friday and the weekend.
The test code to confirm the CVE-2014-7169 patch is: cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/echo
(per the zdnet article by sjvn: http://www.zdnet.com/shellshock-better- ... 7000034115)
I also updated my 3200 using the change /etc/apt/sources.list to .27 + apt-get update + apt-get install bash, and this seems to have included 1 or more of the additional patches, as the above test does not show the date, so it is at least patched for 7169 if not necessarily for the 7186 & 7187 overflow and off-by-one bugs.
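The CVE-2014-7169 test quoted in the reply above, wrapped so that the result is classified rather than read by eye. This is an added example, not part of the original posts; the function name check_7169 and its verdict strings are assumptions of the example, and it runs in a private scratch directory instead of /tmp.

```shell
#!/bin/sh
# Added example: classify one bash binary against the CVE-2014-7169 test
# quoted in the thread. check_7169 and the verdict strings are names
# chosen for this example.
# Usage: check_7169 [path-to-bash]   (defaults to the bash found in PATH)

check_7169() {
    bash_bin=${1:-bash}

    # Resolve the binary first, so a missing bash is reported as an error
    # instead of being mistaken for "patched".
    resolved=$(command -v "$bash_bin" 2>/dev/null) || { echo "error"; return 2; }

    # Private scratch directory: nothing in /tmp is deleted or trusted.
    scratch=$(mktemp -d) || { echo "error"; return 2; }

    # Same environment string and command as the test in the post.
    # On an unpatched bash the leftover ">\" is joined to the command, so
    # "echo date" is parsed as "> echo date": the date command runs and its
    # output is written to a file named "echo" in the current directory.
    out=$(cd "$scratch" && env 'x=() { (a)=>\' "$resolved" -c "echo date" 2>/dev/null)

    if [ -e "$scratch/echo" ]; then
        verdict="vulnerable"      # the file was created: 7169 is not fixed
    elif [ "$out" = "date" ]; then
        verdict="patched"         # the word "date" was echoed, no file created
    else
        verdict="inconclusive"    # neither outcome: inspect by hand
    fi

    rm -rf "$scratch"
    echo "$verdict"
    [ "$verdict" = "patched" ]
}
```

A "patched" verdict covers only the 7169 parser issue, which matches the poster's caveat about 7186 and 7187.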