HiI have a ReadyNas Ultra 2 and it has version 3.1.17 of BASH installed which has a High risk vulnerability. Can somebody please explain how to patch BASH so that my system is not at risk from this vulnerability. I have tried downloading the source, the patch and patching but 1 file did not patch successfully. If anyone can post some step by step instructions it would be really appreciated (as I am not an expert).Many thanksK

What version of RAIDiator are you running?We do backport some patches so it may already have been patched.

HiI'm not at my NAS right now.....but the exploit was only published yesterday and I checked using sample code to see if my version of Bash is 'processing trailing parameter' (the vuln). My Bash is - all versions up until yesterday are.Is there a 'Manual' way to patch BASH until a firmware upgrade can be applied

Ah, didn't realise it was a new exploit.

I am also concerned about this, have checked all my devices and only found the ReadyNAS that seems to be at risk so far. :(

I have messaged engineering about this. Let's wait and hear what they have to say.In the meantime you may wish to disable port forwards (if you have some setup) if you are very concerned about this.Also a good reminder to make sure you have an up to date backup.

BASH exploit - Shellshock | NETGEAR Communities

76 Replies

Replies have been turned off for this discussion

mdgm-ntgr
NETGEAR Employee Retired
Oct 11, 2014
Perhaps edit your sources list to comment the relevant line then try again.

wifiuk

Aspirant

Oct 11, 2014

which source do i need to add for the Ready Nas Duo v2

i have this




# deb http://ftp.us.debian.org/debian/ squeeze main

deb http://ftp.us.debian.org/debian/ squeeze main
deb-src http://ftp.us.debian.org/debian/ squeeze main

deb http://security.debian.org/ squeeze/updates main
deb-src http://security.debian.org/ squeeze/updates main

deb http://ftp.us.debian.org/debian/ squeeze-updates main
deb-src http://ftp.us.debian.org/debian/ squeeze-updates main
~
~

mdgm-ntgr
NETGEAR Employee Retired
Oct 11, 2014
Comment the last two lines?

What did you do with the lines for the ReadyNAS apt-get repository?
wifiuk
Aspirant
Oct 11, 2014
i have done nothing this is how it is as standard
mdgm-ntgr
NETGEAR Employee Retired
Oct 11, 2014
O.K.

Add

deb http://www.readynas.com/packages 5.3.11/

wifiuk

Aspirant

Oct 11, 2014

nice one that has resolved the


env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"



bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `BASH_FUNC_x'
test

Forum Discussion

BASH exploit - Shellshock

76 Replies

Related Content

PDF Exploit

R7000 buffer overflow exploit patch

Netgear Router Exploit - 10/8/2015

Is ReadyNAS NVX RNDX4000 vulnerable to ShellShock exploit?

bash upgrade

NETGEAR Academy

ProSupport for Business