Buffalo NAS-Central Forums

Welcome to the Linkstation Wiki community
It is currently Fri Jul 20, 2018 4:06 am

All times are UTC+01:00




Post new topic  Reply to topic  [ 4 posts ] 

Do you give a f**k?
I don't give a f**k... 0%  0%  [ 0 ]
I give a f**k - but what? 0%  0%  [ 0 ]
Shît happens & live sucks and the NSA is deep in my anus 33%  33%  [ 1 ]
Oh, nice - now I have work installing debian... 67%  67%  [ 2 ]
I deleted all data and throwed the NSA -urks- the NAS out of the window! 0%  0%  [ 0 ]
Never ending stories... 0%  0%  [ 0 ]
Total votes: 3
Author Message
PostPosted: Wed Oct 15, 2014 6:15 pm 
Offline
Total Newbie

Joined: Wed Oct 15, 2014 5:52 pm
Posts: 3
F**K ! ! !

After H-E-A-R-T-B-L-E-E-D now we are all S-H-E-L-L-S-H-O-C-K-E-D :twisted: :evil: :twisted: :evil: :twisted:

If you are not running a rooted nas with the most recent debian (probably 7 or 8) and all your packages up-to-date you are f**ked like me :down:

Expect that everybody can access your files - not only the NSA! Shît happens & live sucks!

List of vulnerable and not vulnerable

  • Debian 7 or 8 with most recent updates, bash is ??? - not vulnerable
  • FW LS-CHL shonk 1.65 (with modifications by noone?), bash is ??? - not vulnerable
  • SteveWonder FW (HS-DHGL_FW_236-shmod16) bash is 2.05b.0(1) - vulnerable
  • to be continued... - vulnerable


...we can make a list here - but i guess ALL are vulnerable, expect the good old debian...


Last edited by SHELLSHOCK on Thu Oct 16, 2014 1:30 pm, edited 2 times in total.

Top
   
PostPosted: Thu Oct 16, 2014 12:06 pm 
Offline
Newbie

Joined: Tue Jun 11, 2013 11:28 am
Posts: 30
Hi,

I have only updated openssl and bash with my own builds from git repos.
I a on ls-chl sbonk 1.65

Regards


Top
   
PostPosted: Thu Oct 16, 2014 1:26 pm 
Offline
Total Newbie

Joined: Wed Oct 15, 2014 5:52 pm
Posts: 3
noone wrote:
Hi,

I have only updated openssl and bash with my own builds from git repos.
I a on ls-chl sbonk 1.65

Regards

Nice one, congreds! :up: Which bash version is it than the one of yours?

Your version might be not compatible with the LS-GL (Pro/Live) v1?

And I guess the version you use is: "FW LS-CHL shonk 1.65" right? With or without modifications? Maybe you want to give a Link here...

thx for your reply... hopefully there are some more people interested in there security... but I guess over 90% of the nas-devices are keep being vulnerable...

greetings


Top
   
PostPosted: Tue Oct 21, 2014 9:19 am 
Offline
Newbie

Joined: Tue Jun 11, 2013 11:28 am
Posts: 30
"FW LS-CHL shonk 1.65" is correct

bash 4.3 from git
openssl 1.1.0-dev

what kind of links do you need?
download and install the fw from shonk.
add ipkg manager and install git to get up-to-date sources
or download the sources from official web site.

Regards


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 4 posts ] 

All times are UTC+01:00


Who is online

Users browsing this forum: No registered users and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Powered by phpBB® Forum Software © phpBB Limited