Subject: Protect Your Turbo NAS from Remote Attackers - Bash (Shellshock) Vulnerabilities
Release date: October 5, 2014
Severity rating: Critical
CVE number: CVE-2014-6271、CVE-2014-7169、 CVE-2014-6277、CVE-2014-6278、CVE-2014-7186 and CVE-2014-7187
Affected product: All Turbo NAS models except TS-100, TS-101, TS-200
Summary:
GNU Bash security vulnerabilities (CVE-2014-6271、CVE-2014-7169、 CVE-2014-6277、CVE-2014-6278、CVE-2014-7186 , and CVE-2014-7187), also known as “Shellshock,” might allow remote attackers to inject malicious code via specially-crafted environment variables and run commands from the Bash shell on UNIX/Linux-based systems, including the Turbo NAS.
Solution:
QTS version 4.1.1 Build 1003 has integrated the official GNU Bash patches to fix these vulnerabilities. Users are strongly advised to update their Turbo NAS units to this QTS version through live update or download the QTS update file from the Download Center (http://www.qnap.com/download).
QTS 4.1.1 Build 1003 can be directly applied in the following two ways:
1. Live Update
Go to QTS -> Control Panel -> Firmware Update > Live Update
2. Manual Update
- Select your model and download the QTS from the QNAP website (http://www.qnap.com/download)
- Decompress the ZIP file.
- Go to QTS -> Control Panel ->Firmware Update- > Firmware Update Tab
Note: An update will be provided later for the following cases:
- For users who wish to continue to use QTS 4.0 and 3.8
- For QNAP TS-109/209/409/409U NAS series owners
If you have any questions regarding this issue, please contact us at http://helpdesk.qnap.com/
Upgrade to QTS 4.1.1 B1003 for Security Enhancements
Welcome note and must-know for QNAP Forum members.
- QNAPJason
- QNAP Staff
- Posts: 5398
- Joined: Thu May 21, 2009 2:14 pm
- Location: Taipei
Jump to
- QNAP General
- ↳ Announcements
- ↳ Features Wanted
- ↳ Users' Corner
- ↳ Official Apps
- ↳ Prestashop
- ↳ Webalizer
- ↳ Virtualization Station
- ↳ Notes Station
- ↳ SocialLink Station
- ↳ McAfee Antivirus
- ↳ IT Management Station
- ↳ Container Station
- ↳ Qsirch & Qfiling
- ↳ Community Apps
- ↳ Apps Wanted
- ↳ Partner Apps
- ↳ BitTorrent Sync
- ↳ EZPhone
- ↳ Plex Media Server
- ↳ Ragic
- ↳ Tonido
- Getting Started
- ↳ Frequently Asked Questions
- ↳ Presales
- ↳ Turbo Station Installation & Setup
- General
- ↳ Hardware & Software Compatibility
- ↳ HDD Spin Down (HDD Standby)
- ↳ Seagate Drive Discussion
- ↳ Western Digital Drive Discussion
- ↳ File Sharing
- ↳ Mac OS
- ↳ Linux & Unix (NFS)
- ↳ Windows
- ↳ Backup & Restore
- ↳ Symform
- ↳ Microsoft Azure
- ↳ OpenStack Swift
- ↳ Amazon Glacier
- ↳ Amazon S3
- ↳ WebDAV-based Backup
- ↳ Google Cloud Storage
- ↳ Object Storage Server
- ↳ ElephantDrive
- ↳ Xopero
- ↳ System & Disk Volume Management
- ↳ Web Server & Applications (Apache + PHP + MySQL / SQLite)
- ↳ Download Station and QGet
- ↳ myQNAPcloud service
- ↳ Surveillance Solution
- ↳ Miscellaneous
- ↳ QIoT
- ↳ QuAI
- ↳ QVR Face
- Business
- ↳ Windows Domain & Active Directory
- ↳ iSCSI – Target & Virtual Disk
- ↳ Remote Replication/ Disaster Recovery
- ↳ Server Virtualization & Clustering
- ↳ NAS Management
- ↳ QES Operating System (QNAP Enterprise Storage OS)
- Multimedia
- ↳ Photo Station, Music Station, Video Station
- ↳ Media Streaming
- ↳ Mobile Devices