manfriday

Shellshock ??

Seems we should start a thread on the latest & greatest....the chaps down in security are very excited with this one


Synology Product Security Advisory

https://www.synology.com/en-global/supp ... shellshock

 

2014-09-26

 

Important Information about Bash Vulnerability "ShellShock" (CVE-2014-6271 and CVE-2014-7169)

Description

 

A vulnerability in a commonly used UNIX command shell, Bash, has been discovered, allowing unauthorized users to remotely gain control of vulnerable UNIX-like systems. A thorough investigation by Synology shows the majority of Synology NAS servers are not concerned. The design of the Synology NAS operating system, DiskStation Manager (DSM), is safe by default. The bash command shell built into DSM is reserved for system service use (HA Manager) only and not available to public users. For preventive purposes, Synology is working on the patches addressing this bash vulnerability and will provide them as soon as possible.

 

Affected Models

 

Synology will release the corresponding update to address this weakness for the following models. We have confirmed that models which are not in this list are not concerned by this bash vulnerability.

 

15-series: DS415+

14-series: RS3614xs+, RS2414+, RS2414RP+, RS814+, RS814RP+, RS3614xs, RS3614RPxs

13-series: DS2413+, DS713+, RS10613xs+, RS3413xs+, DS1813+, DS1513+

12-series: DS712+, DS1512+, DS1812+, DS3612xs, RS3412xs, RS3412RPxs, DS412+, RS812+, RS812RP+, RS2212+, RS2212RP+

11-series: DS3611xs, RS3411xs, RS3411RPxs, DS2411+, RS2211+, RS2211RP+, DS1511+, DS411+II, DS411+

10-series: DS1010+, RS810+, RS810RP+, DS710+

Resolution

 

The affected models vary on different versions of DSM due to differences in implementation. It is encouraged to update your Synology NAS server to the latest version.

 

If your Synology NAS server is one of the above models and an update is available, please go to DSM > Control Panel > Update & Restore > DSM Update and install the latest updates to protect your DiskStation from malicious attacks.


Just installed 4493 Update 7 in a Virtualbox machine (nanoboot5031x64_xpenology_5.0-4493_bootloader.iso, two disks). Update installs no problem (using sed on the .info file). Seems normal after the reboot, but I didn't have much else running on the VM.

 

Andrew
