skilke
Sep 25, 2014 | Aspirant
BASH exploit - Shellshock
Hi I have a ReadyNas Ultra 2 and it has version 3.1.17 of BASH installed which has a High risk vulnerability. Can somebody please explain how to patch BASH so that my system is not at risk from...
schmitzm
Sep 30, 2014 | Aspirant
mdgm wrote: 4.1.14-T6 was released today.
Just installed T6 without a hitch.
It does fix the first string of vulnerabilities. It does not, however, address 2014-718x:
nmr-nas:~# dpkg -l bash
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Cfg-files/Unpacked/Failed-cfg/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name Version Description
+++-======================================-======================================-============================================================================================
ii bash 2.05b-26.netgear2 The GNU Bourne Again SHell
nmr-nas:~# /bin/bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' || echo "CVE-2014-7186 vulnerable, redir_astack"
Segmentation fault
CVE-2014-7186 vulnerable, redir_astack
nmr-nas:~# (for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in {1..200} ; do echo done ; done) | /bin/sh || echo "CVE-2014-7187 vulnerable, word_lineno"
/bin/sh: line 2: `x{1..200}': not a valid identifier
CVE-2014-7187 vulnerable, word_lineno
Patch for these: http://nmr.che.auckland.ac.nz/patches/CVE-2014-718x.dpatch
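Added example (not part of the post above and not NETGEAR's code): a POSIX shell script that re-runs the two probes shown in the post against a chosen shell and reports how that shell exited, separating a signal-induced crash such as the segmentation fault above (status 139) from an ordinary error exit. The function names and verdict strings are this example's own, and reporting a non-signal failure as inconclusive is an assumption of the example.

```shell
#!/bin/sh
# Added example: run the post's CVE-2014-7186 / CVE-2014-7187 probes against
# a shell given as $1 and report how it exited.

# Map an exit status to a verdict. A status above 128 means the process was
# killed by a signal (139 = 128 + 11, SIGSEGV).
classify_status() {
    if [ "$1" -eq 0 ]; then
        echo "not reproduced"
    elif [ "$1" -gt 128 ]; then
        echo "crashed (signal $(( $1 - 128 )))"
    else
        echo "inconclusive (exit $1)"   # assumption: plain errors are not a hit
    fi
}

# CVE-2014-7186 probe from the post: stacked here-document redirections.
probe_7186() {
    st=0
    "$1" -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' >/dev/null 2>&1 || st=$?
    classify_status "$st"
}

# CVE-2014-7187 probe from the post: 200 nested for loops fed on stdin.
# The loops are generated with a counter, so the generator does not depend
# on the invoking shell supporting {1..200} brace expansion.
gen_nested_loops() {
    i=1
    while [ "$i" -le 200 ]; do echo "for x$i in ; do :"; i=$((i + 1)); done
    i=1
    while [ "$i" -le 200 ]; do echo done; i=$((i + 1)); done
}

probe_7187() {
    st=0
    { gen_nested_loops | "$1"; } >/dev/null 2>&1 || st=$?
    classify_status "$st"
}

# Usage: sh probe.sh /bin/bash   (nothing runs when no shell is given)
if [ -n "${1:-}" ]; then
    echo "CVE-2014-7186: $(probe_7186 "$1")"
    echo "CVE-2014-7187: $(probe_7187 "$1")"
fi
```

Run it once before and once after applying a patch and compare the two verdict lines.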