× NETGEAR will be terminating ReadyCLOUD service by July 1st, 2023. For more details click here.

Start a New Discussion

Start a New Discussion

Orbi WiFi 7 RBE973
Reply

Security Patch for NV+ - "Ghost" - CVE-2015-0235

curruscanis
Aspirant
Aspirant
‎2015-02-04 01:21 PM
‎2015-02-04 01:21 PM

Security Patch for NV+ - "Ghost" - CVE-2015-0235

I have an older ReadyNAS NV+ -- will there be an update to 4.2.28, like was posted for the x86 platform on this post: http://www.readynas.com/forum/viewtopic.php?f=51&t=70385

Skywalker, can you help me?


Thank you.
Message 1 of 9
0 Kudos
Reply
mdgm-ntgr
NETGEAR Employee Retired
‎2015-02-04 01:29 PM
‎2015-02-04 01:29 PM

Re: Security Patch for NV+ - "Ghost" - CVE-2015-0235

The NV+ v2 (runs 5.3.x) will have a patch for this. See http://www.rnasguide.com/2012/01/09/how-to-tell-whether-i-have-a-duo-v1-or-duo-v2-or-nv-v1-or-nv-v2/

Though since you say you have an older NV+ I guess you probably have the v1?
Message 2 of 9
Reply
curruscanis
Aspirant
Aspirant
‎2015-02-06 07:52 AM
‎2015-02-06 07:52 AM

Re: Security Patch for NV+ - "Ghost" - CVE-2015-0235

The patch for the NV+ V2 is not helpful as I have the older v1.

Is there any chance the patched version can be created for the v1?

I don't want to have to buy a new unit due to such a simple flaw...
Message 3 of 9
0 Kudos
Reply
mdgm-ntgr
NETGEAR Employee Retired
‎2015-02-06 01:30 PM
‎2015-02-06 01:30 PM

Re: Security Patch for NV+ - "Ghost" - CVE-2015-0235

See Skywalker's comment in http://www.readynas.com/forum/viewtopic.php?f=7&t=79749
Message 4 of 9
0 Kudos
Reply
vinceS1
Aspirant
Aspirant
‎2015-05-02 09:11 AM
‎2015-05-02 09:11 AM

Re: Security Patch for NV+ - "Ghost" - CVE-2015-0235

Is an update for NV+ v1 still TBD per Skywalker's comment? My institution won't allow me to use the device unless the vulnerability is removed. RAIDiator 4.1.14 is the latest version??
Message 5 of 9
0 Kudos
Reply
mdgm-ntgr
NETGEAR Employee Retired
‎2015-05-02 05:58 PM
‎2015-05-02 05:58 PM

Re: Security Patch for NV+ - "Ghost" - CVE-2015-0235

4.1.15 beta addresses some vulnerabilities: http://www.readynas.com/forum/viewtopic.php?f=17&t=59222

I don't see any mention of Ghost in the 4.1.15 beta release notes.

The NV+ was discontinued years ago now. Perhaps it would be about time you got a new ReadyNAS anyway?
Message 6 of 9
0 Kudos
Reply
btaroli
Prodigy
Prodigy
‎2015-05-02 07:47 PM
‎2015-05-02 07:47 PM

Re: Security Patch for NV+ - "Ghost" - CVE-2015-0235

Is Netgear officially de-upporting them? If not, better keep the security patches flowing. And to be clear, I wouldn't fault them for de supporting the SPARC models. They are ancient really. But it's really all down to whether they're supported or not. If not, then people shouldn't expect or anticipate patches, such as with Windows XP and very soon all 2003 variants.
Message 7 of 9
0 Kudos
Reply
mdgm-ntgr
NETGEAR Employee Retired
‎2015-05-02 08:40 PM
‎2015-05-02 08:40 PM

Re: Security Patch for NV+ - "Ghost" - CVE-2015-0235

I have asked our engineering team for an update on whether we will add a patch for Ghost.

4.1.15 beta adds patches for some vulnerabilities at least one of which was more recently announced than Ghost.
Message 8 of 9
Reply
vinceS1
Aspirant
Aspirant
‎2015-05-04 09:19 AM
‎2015-05-04 09:19 AM

Re: Security Patch for NV+ - "Ghost" - CVE-2015-0235

Thanks mdgm, I installed RAIDiator-4.1.15-T3. I hadn't seen the newest beta and wasn't sure if beta was a good thing to install.
Message 9 of 9
0 Kudos
Reply
Top Contributors
See All
Discussion stats
  • 8 replies
  • ‎2015-02-04 01:21 PM
  • 5910 views
  • 2 kudos
  • 4 in conversation
Announcements