manfriday, posted September 25, 2014 (#1)

Seems we should start a thread on the latest & greatest....the chaps down in security are very excited with this one

jagwaugh, posted September 25, 2014 (#2)

I found a check which supposedly tests for the vulnerability. My xpenology VM is apparently clean. See http://www.theregister.co.uk/2014/09/24 ... hell_vuln/

fma965, posted September 25, 2014 (#3)

https://www.facebook.com/synology/posts ... 6914802897

The key bit being "we use busybox instead of bash" and the following... and http://093a56c2fb80599d.paste.se/

ad911, posted September 28, 2014 (#4)

Synology Product Security Advisory
https://www.synology.com/en-global/supp ... shellshock

2014-09-26
Important Information about Bash Vulnerability "ShellShock" (CVE-2014-6271 and CVE-2014-7169)

Description

A vulnerability of a commonly used UNIX command shell, Bash, has been discovered allowing unauthorized users to remotely gain control of vulnerable UNIX-like systems. A thorough investigation by Synology shows the majority of Synology NAS servers are not concerned.

The design of Synology NAS operating system, DiskStation Manager (DSM), is safe by default. The bash command shell built-in in DSM is reserved for system service use (HA Manager) only and not available to public users. For preventive purpose, Synology is working on the patches addressing this bash vulnerability and to provide them as soon as possible.

Affected Models

Synology will release the corresponding update to address this weakness for the following models. We have confirmed that models which are not in this list are not concerned by this bash vulnerability.

15-series: DS415+
14-series: RS3614xs+, RS2414+, RS2414RP+, RS814+, RS814RP+, RS3614xs, RS3614RPxs
13-series: DS2413+, DS713+, RS10613xs+, RS3413xs+, DS1813+, DS1513+
12-series: DS712+, DS1512+, DS1812+, DS3612xs, RS3412xs, RS3412RPxs, DS412+, RS812+, RS812RP+, RS2212+, RS2212RP+
11-series: DS3611xs, RS3411xs, RS3411RPxs, DS2411+, RS2211+, RS2211RP+, DS1511+, DS411+II, DS411+
10-series: DS1010+, RS810+, RS810RP+, DS710+

Resolution

The affected models vary on different versions of DSM due to differences in implementation. It is encouraged to update your Synology NAS server to the latest version. If your Synology NAS server is one of the above models and an update is available, please go to DSM > Control Panel > Update & Restore > DSM Update and install the latest updates to protect your DiskStation from malicious attacks.

Poechi, posted September 28, 2014 (#5), edited July 10, 2015 by Guest

-

jagwaugh, posted September 29, 2014 (#6)

Just installed 4493 Update 7 in a Virtualbox machine (nanoboot5031x64_xpenology_5.0-4493_bootloader.iso, two disks). Update installs no problem (using sed on the .info file). Seems normal after the reboot, but I didn't have much else running on the VM.

Andrew

kei78, posted September 29, 2014 (#7)

Updated to update 7 on my setup to take care of shellshock and it seems fine.

Poechi, posted September 29, 2014 (#8)

-