× NETGEAR will be terminating ReadyCLOUD service by July 1st, 2023. For more details click here.
Orbi WiFi 7 RBE973

New Kernel Exploit (CVE-2016-0728)

arikalish
Apprentice

New Kernel Exploit (CVE-2016-0728)

Looks like there's a pretty serious exploit in the Linux kernel:

 

http://linux.slashdot.org/story/16/01/19/1326212/serious-linux-kernel-vulnerability-patched

 

http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-...

 

Requires local access or a malicious app so ReadyNAS units are likely only vulnerable if they've got any add-ons installed. Might be worth trying to slip an update into the next RC.

Message 1 of 8

Accepted Solutions
kohdee
NETGEAR Expert

Re: New Kernel Exploit (CVE-2016-0728)

Hi,

We've addressed this in OS 6.4.2.

Coming soon 🙂

View solution in original post

Message 5 of 8

All Replies
AlexPe
NETGEAR Expert

Re: New Kernel Exploit (CVE-2016-0728)

Arikalish,

 

Thanks for sending this to us. I've submitted this to our engineering group.

 

I'm unsure what will be done about it at this point. I will up you via PM once I know more.

 

Alex

Message 2 of 8
arikalish
Apprentice

Re: New Kernel Exploit (CVE-2016-0728)

Alex,

Thanks for the quick response. Kernel updates are never fun. Understandable if it takes a little while to get cleared up.

Best,

Ari
Message 3 of 8
kohdee
NETGEAR Expert

Re: New Kernel Exploit (CVE-2016-0728)

While this is a pretty bad vulnerability, it'd be pretty hard to exploit from the get-go on ReadyNAS. You'd have to be able to execute the file from the backend. If you're concerned, disable SSH access to your ReadyNAS until we patch it. 

Message 4 of 8
kohdee
NETGEAR Expert

Re: New Kernel Exploit (CVE-2016-0728)

Hi,

We've addressed this in OS 6.4.2.

Coming soon 🙂

Message 5 of 8
walshlink
Luminary

Re: New Kernel Exploit (CVE-2016-0728)

NOT SOON ENOUGH! Smiley Wink

Message 6 of 8
ChristineT
Admin

Re: New Kernel Exploit (CVE-2016-0728)

Good afternoon ReadyNAS Community,

 

Thank you for all who contributed to this thread. Please see the following update.

 

ReadyNAS OS 6.4.2 now available!

 

Any additional feedback if the issue is resolved or not is greatly appreciated.

 

Thank you for choosing NETGEAR!

 

ChristineT

NETGEAR Community Team

Message 7 of 8
walshlink
Luminary

Re: New Kernel Exploit (CVE-2016-0728)

Installed...working awesome!

Message 8 of 8
Discussion stats
  • 7 replies
  • 7194 views
  • 5 kudos
  • 5 in conversation
Announcements