D-Link Forums

The Graveyard - Products No Longer Supported => D-Link Storage => DNS-320 => Topic started by: albert on September 27, 2014, 08:04:26 AM

Title: Shellshock aka "Bash Bug"
Post by: albert on September 27, 2014, 08:04:26 AM

If you have installed Fonz fun_plug (aka FFP), it's time to update the bash command. This is especially so if your NAS is exposed to the Internet.

All bash version from 1.14 through 4.3 are vulnerable to the Shellshock bug. The stock version from FFP-0.7 is v4.1.011 which failed the system vulnerability check stated here (https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-shellshock-bash-vulnerability). Good news is kylek has compiled v4.3.25 which is able to pass the test.

If you're using uwsiteloader script, you should know where to download the package but for those who doesn't, I have hosted it on Mediafire (http://www.mediafire.com/download/846trr4zbnz862p/bash-4.3.25-arm-3.txz) site.

Title: Re: Shellshock aka "Bash Bug"
Post by: FurryNutz on October 01, 2014, 10:31:57 AM

FYI:
http://forums.dlink.com/index.php?topic=56542.0 (http://forums.dlink.com/index.php?topic=56542.0)