Reply
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Security Patch for NV+ - "Ghost" - CVE-2015-0235
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2015-02-04
01:21 PM
2015-02-04
01:21 PM
Security Patch for NV+ - "Ghost" - CVE-2015-0235
I have an older ReadyNAS NV+ -- will there be an update to 4.2.28, like was posted for the x86 platform on this post: http://www.readynas.com/forum/viewtopic.php?f=51&t=70385
Skywalker, can you help me?
Thank you.
Skywalker, can you help me?
Thank you.
Message 1 of 9
Labels:
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2015-02-04
01:29 PM
2015-02-04
01:29 PM
Re: Security Patch for NV+ - "Ghost" - CVE-2015-0235
The NV+ v2 (runs 5.3.x) will have a patch for this. See http://www.rnasguide.com/2012/01/09/how-to-tell-whether-i-have-a-duo-v1-or-duo-v2-or-nv-v1-or-nv-v2/
Though since you say you have an older NV+ I guess you probably have the v1?
Though since you say you have an older NV+ I guess you probably have the v1?
Message 2 of 9
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2015-02-06
07:52 AM
2015-02-06
07:52 AM
Re: Security Patch for NV+ - "Ghost" - CVE-2015-0235
The patch for the NV+ V2 is not helpful as I have the older v1.
Is there any chance the patched version can be created for the v1?
I don't want to have to buy a new unit due to such a simple flaw...
Is there any chance the patched version can be created for the v1?
I don't want to have to buy a new unit due to such a simple flaw...
Message 3 of 9
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2015-02-06
01:30 PM
2015-02-06
01:30 PM
Re: Security Patch for NV+ - "Ghost" - CVE-2015-0235
See Skywalker's comment in http://www.readynas.com/forum/viewtopic.php?f=7&t=79749
Message 4 of 9
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2015-05-02
09:11 AM
2015-05-02
09:11 AM
Re: Security Patch for NV+ - "Ghost" - CVE-2015-0235
Is an update for NV+ v1 still TBD per Skywalker's comment? My institution won't allow me to use the device unless the vulnerability is removed. RAIDiator 4.1.14 is the latest version??
Message 5 of 9
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2015-05-02
05:58 PM
2015-05-02
05:58 PM
Re: Security Patch for NV+ - "Ghost" - CVE-2015-0235
4.1.15 beta addresses some vulnerabilities: http://www.readynas.com/forum/viewtopic.php?f=17&t=59222
I don't see any mention of Ghost in the 4.1.15 beta release notes.
The NV+ was discontinued years ago now. Perhaps it would be about time you got a new ReadyNAS anyway?
I don't see any mention of Ghost in the 4.1.15 beta release notes.
The NV+ was discontinued years ago now. Perhaps it would be about time you got a new ReadyNAS anyway?
Message 6 of 9
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2015-05-02
07:47 PM
2015-05-02
07:47 PM
Re: Security Patch for NV+ - "Ghost" - CVE-2015-0235
Is Netgear officially de-upporting them? If not, better keep the security patches flowing. And to be clear, I wouldn't fault them for de supporting the SPARC models. They are ancient really. But it's really all down to whether they're supported or not. If not, then people shouldn't expect or anticipate patches, such as with Windows XP and very soon all 2003 variants.
Message 7 of 9
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2015-05-02
08:40 PM
2015-05-02
08:40 PM
Re: Security Patch for NV+ - "Ghost" - CVE-2015-0235
I have asked our engineering team for an update on whether we will add a patch for Ghost.
4.1.15 beta adds patches for some vulnerabilities at least one of which was more recently announced than Ghost.
4.1.15 beta adds patches for some vulnerabilities at least one of which was more recently announced than Ghost.
Message 8 of 9
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2015-05-04
09:19 AM
2015-05-04
09:19 AM
Re: Security Patch for NV+ - "Ghost" - CVE-2015-0235
Thanks mdgm, I installed RAIDiator-4.1.15-T3. I hadn't seen the newest beta and wasn't sure if beta was a good thing to install.
Message 9 of 9