ZkiiFreak
Aspirant
Jan 28, 2015

Glibc Vulnerability CVE-2015-0235

Hi

Just read that all Linux systems seem to be affected by the newly discovered GLIBC vulnerability:
https://www.qualys.com/research/securit ... 5-0235.txt

What are NETGEAR's recommendations for the ReadyNAS systems? Are ReadyNAS systems affected?
Can one perform some kind of apt-get update or such to patch the vulnerability?

Please advise

Thanks in advance

10 Replies

  • The GHOST vulnerability only concerns unpatched versions of glibc/eglibc from 2.2 to 2.17.

    A way to know the NAS unit is affected is to log in with ssh and type the following command to get the glibc version:

    ldd --version


    On my RNDU 6000 with ReadyNAS OS 6.2.2, I get the following output:


    root@NAS-Netgear:~# ldd --version
    ldd (Debian GLIBC 2.19-4) 2.19
    Copyright (C) 2014 Free Software Foundation, Inc.
    This is free software; see the source for copying conditions. There is NO
    warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
    Written by Roland McGrath and Ulrich Drepper.


    As you can see the last version of ReadyNAS OS is not affected.
  • 4.2.27 wrote:
    PRO:~# ldd --version
    ldd (GNU libc) 2.7
    Copyright (C) 2007 Free Software Foundation, Inc.
    This is free software; see the source for copying conditions. There is NO
    warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
    Written by Roland McGrath and Ulrich Drepper.


    4.1.14 wrote:

    Duo:~# ldd --version
    ldd (GNU libc) 2.3.2
    Copyright (C) 2003 Free Software Foundation, Inc.
    This is free software; see the source for copying conditions. There is NO
    warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
    Written by Roland McGrath and Ulrich Drepper.
  • I have compiled a test program and ReadyNAS units using OS6 are not affected
  • Skywalker
    NETGEAR Expert
    Correct, ReadyNASOS >= 6.2.0 is not vulnerable to CVE-2015-0235. We will have updates for RAIDiator 4.2 and 5.3 soon, although I don't believe there are any unauthenticated attack vectors anyway.
  • Skywalker wrote:
    Correct, ReadyNASOS >= 6.2.0 is not vulnerable to CVE-2015-0235. We will have updates for RAIDiator 4.2 and 5.3 soon, although I don't believe there are any unauthenticated attack vectors anyway.
    4.1 also?
  • Skywalker wrote:
    Correct, ReadyNASOS >= 6.2.0 is not vulnerable to CVE-2015-0235. We will have updates for RAIDiator 4.2 and 5.3 soon, although I don't believe there are any unauthenticated attack vectors anyway.


    Since you have specifically mentioned that v6.2.0 is not vulnerable, how about the v6.1.x? (You have used ">" [greater than] and "=" [equal] signs so I assumed that this only includes v6.2.x)

    I believe that there are ReadyNAS OS 6 users that have their devices still on firmware v6.1.x.
  • mdgm-ntgr
    NETGEAR Employee Retired
    If they are still running 6.1.x then they can update to 6.2.x.

    6.1.9 for example has glibc 2.13-38 whereas 6.2.0 has glibc 2.19-4
  • Skywalker
    NETGEAR Expert
    StephenB wrote:
    4.1 also?

    I think that one's TBD at the moment, unless there are any unauthenticated attack vectors.
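
The version check from the first reply, turned into a script as an added example (not code from the thread or from NETGEAR). It classifies the first line of `ldd --version` against the glibc 2.2 to 2.17 range quoted above; the function names are hypothetical, and a version number alone cannot show whether a vendor has backported a fix.

```sh
#!/bin/sh
# Added example (not from the thread): classify `ldd --version` output
# against the glibc 2.2 - 2.17 range named in the first reply.

# Print "MAJOR.MINOR" taken from the end of the first line, or nothing.
glibc_major_minor() {
    printf '%s\n' "$1" | tr -d '\r' |
        sed -n '1s/.* \([0-9][0-9]*\.[0-9][0-9]*\)[0-9.]*$/\1/p'
}

# Print in-range, outside-range, or unknown for one `ldd --version` output.
ghost_range() {
    ver=$(glibc_major_minor "$1")
    [ -n "$ver" ] || { echo unknown; return 0; }
    major=${ver%%.*}
    minor=${ver#*.}
    if [ "$major" -eq 2 ] && [ "$minor" -ge 2 ] && [ "$minor" -le 17 ]; then
        echo in-range        # may be affected unless the vendor backported a fix
    else
        echo outside-range
    fi
}

# Print the input line next to its classification.
report() {
    printf '%-36s %s\n' "$1" "$(ghost_range "$1")"
}

# First lines as posted in the thread (OS 6.2.2, 4.2.27, 4.1.14):
report 'ldd (Debian GLIBC 2.19-4) 2.19'
report 'ldd (GNU libc) 2.7'
report 'ldd (GNU libc) 2.3.2'
# Constructed line for the glibc 2.13-38 package mentioned for 6.1.9
# (the exact banner format is an assumption):
report 'ldd (Debian EGLIBC 2.13-38) 2.13'

# On the NAS itself: ghost_range "$(ldd --version)"
```

An `in-range` result means the firmware needs the vendor's update or a confirmation that the fix was backported; `unknown` means the banner did not end in a recognisable version number.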
