NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

WSJ's avatar
WSJ
Tutor
Apr 08, 2014

[Security] Serious OpenSSL bug (impacting ReadyNAS, as well)

http://heartbleed.com/ : "The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library."
"Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication."

That sounds very serious - so, will Netgear react and provide security patches for all affected ReadyNAS products?


----
Well, ReadyNAS Duo v1 users (like me) can be relieved since RAIDiator 4.1.13 is using the old OpenSSL 0.9.8g version which is not affected
Other Discussions
Questions

25 Replies

Replies have been turned off for this discussion
Show More
  • heidnerd's avatar
    heidnerd
    Aspirant
    Apr 15, 2014
    Thanks, debian also shows they backported the fix in u5.

    http://www.debian.org/security/2014/dsa-2896
  • mdgm-ntgr's avatar
    mdgm-ntgr
    NETGEAR Employee Retired
    Apr 15, 2014
    Ah, so they just pulled debian's fix in. Thanks for the info.
  • tcc1's avatar
    tcc1
    Aspirant
    Apr 15, 2014
    Forgot to ask, if my NAS (NVX) is vulnerable how would I go about updating the OS? Or better yet how do I check what version OS does it have?

    tia
  • mdgm-ntgr's avatar
    mdgm-ntgr
    NETGEAR Employee Retired
    Apr 15, 2014
    The NVX runs 4.2.x which uses a version of OpenSSL that is older than the versions that are vulnerable.

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More