[操作疑難] Bash Shell Bug其實係咩?

CVE-2014-6277還未解決,咁會有咩潛在風險?

TOP

“視訊攝影機韌體都內含Bash腳本程式,視訊攝影機韌體不但較少被修補,同時也最可能曝露弱點。”

其實MS内也有,不過估計修復了。睇嚟IP CAM真係非常危險。Q仔又幾好,出得好快。

TOP

QNAP Releases Qfix 1.0.1 to Resolve Additional GNU Bash Environment Variable Command Injection Vulnerabilities

Taipei, Taiwan, October 2, 2014 – QNAP® Systems, Inc. today released the Qfix 1.0.1 patch for its Turbo NAS lineup to address the GNU Bash Environment Variable Command Injection Vulnerability (CVE-2014-6271, CVE-2014-7169, CVE-2014-6277, CVE-2014-6278, CVE-2014-7186, and CVE-2014-7187), also known as “Shellshock,” that can allow attackers to gain remote control over UNIX/Linux-based systems.

QNAP has previously released QTS version 4.1.1 Build 0927 to resolve CVE-2014-6271 and CVE-2014-7169. With Qfix 1.0.1 more vulnerabilities including CVE-2014-6277, CVE-2014-6278, CVE-2014-7186, and CVE-2014-7187 are now resolved. Users are strongly urged to immediately install Qfix 1.0.1 on their Turbo NAS.

Qfix 1.0.1 is now available for Turbo NAS running QTS 4.1.1 from QNAP’s official download site (http://www.qnap.com/download) for the following models:

TS-EC880 Pro, TS-EC1080 Pro, TS-EC880U-RP, TS-EC1280U-RP, TS-EC1680U-RP, TS-EC2480U-RP
TS-879 Pro, TS-1079 Pro, TS-879U-RP/EC879U-RP , TS-1279U-RP/EC1279U-RP, TS-1679U-RP/EC1679U-RP, SS-EC1279U-SAS-RP, SS-EC1879U-SAS-RP, SS-EC2479U-SAS-RP
TS-470, TS-470 Pro, TS-670, TS-670 Pro, TS-870, TS-870 Pro
TS-1270U-RP, TS-870U-RP, TS-1269U-RP,TS-869U-RP, TS-269 Pro/269L, TS-469 Pro/469L, TS-469U-RP/SP, TS-569 Pro/569L, TS-669 Pro/669L, TS-869 Pro/869L
SS-453 Pro, SS-853 Pro, TS-253 Pro, TS-453 Pro, TS-653 Pro, TS-853 Pro
TS-251, TS-451, TS-651, TS-851
HS-210, HS-251, IS-400 Pro
TS-121, TS-221, TS-421, TS-421U
TS-120, TS-220, TS-420, TS-420U
TS-119/119P+/119P II, TS-219/219P/219P+/219P II, TS-419P/419P+/419P II, TS-419U/419U+/419U II
TS-259 Pro/259 Pro+, TS-459 Pro/459 Pro+/459 Pro II, TS-459U-RP/SP, TS-459U-RP+/SP+, TS-559 Pro/559 Pro+/559 Pro II, TS-659 Pro/659 Pro+/659 Pro II, TS-859 Pro/859 Pro+, TS-859U/859U+
SS-439 Pro, SS-839 Pro, TS-239 Pro, TS-239H, TS-239 Pro II, TS-239 Pro II+, TS-439 Pro, TS-439 Pro II, TS-439 Pro II+, TS-439U RP/SP, TS-639 Pro
TS-110, TS-210, TS-410, TS-410U
TS-112/112P, TS-212/212P/212-E, TS-412, TS-412U
TS-509 Pro, TS-809 Pro, TS-809U-RP
QNAP will release a new patch later for the following Turbo NAS models, VioStor NVR models and NMP media players to fix Bash security issues:

Turbo NAS: TS-109/209/409/409U series
VioStor NVR (QVR 5.0.2 version):
VS-12164U-RP Pro+/ 12156U-RP Pro+/ 12148U-RP Pro+/ 12140U-RP Pro+
VS-12164U-RP Pro/ 12156U-RP Pro/ 12148U-RP Pro/ 12140U-RP Pro
VS-8148U-RP Pro+/ 8140U-RP Pro+/ 8132U-RP Pro+/ 8124U-RP Pro+
VS-8148U-RP Pro/ 8140U-RP Pro/ 8132U-RP Pro/ 8124U-RP Pro
VS-8148 Pro+/ 8140 Pro+/ 8132 Pro+/ 8124 Pro+
VS-6120/ 6116/ 6112 Pro+
VS-6020/ 6016/ 6012 Pro
VS-4116/ 4112/ 4108U-RP Pro+
VS-4016/ 4012/ 4008U-RP Pro
VS-4116/ 4112/ 4108 Pro+
VS-4016/ 4012/ 4008 Pro
VS-2112/ 2108/ 2104 Pro+
VS-2012/ 2008/ 2004 Pro
VS-2108L/ VS-2104L
Media players: NMP-1000P, NMP-1000
The following models are not affected by Bash security vulnerabilities:

Turbo NAS: TS-431, TS-231, TS-131, TS-201, TS-101, TS-100
QGenie: QG-103N
Users with further questions can contact QNAP Technical Support at: http://helpdesk.qnap.com.

又有更新了!

TOP

TOP

相關文章