D-Link Forums

D-Link Network Storage => ShareCenter® Add-on Applications => Topic started by: vtverdohleb on October 03, 2014, 07:51:16 AM

Title: Vulnerability was found out in bash (included in the addon sshd)
Post by: vtverdohleb on October 03, 2014, 07:51:16 AM
As it is said there are two news - good and bad.
Il start with  bad: vulnerability was found out in bash (included in the
addon sshd), which allows for remote user  to execute arbitrary code on the
target system. http://www.securitylab.ru/vulnerability/458762.php (http://www.securitylab.ru/vulnerability/458762.php)
The good news: is the hole is fixed in bash v.4.3.29 and it is already
available in the new version of the addon.
For those who know how to use wget, I recommend not to reinstall the
addon and download separately bash
https://app.box.com/s/66ij6f3r2h8cc333w6ls (https://app.box.com/s/66ij6f3r2h8cc333w6ls)
For those who don't know:
DNS-320L (http://dlink.vtverdohleb.org.ua/Add-On/current.php?package=sshd&model=DNS-320L), DNS-325 (http://dlink.vtverdohleb.org.ua/Add-On/current.php?package=sshd&model=DNS-325), DNS-327L (http://dlink.vtverdohleb.org.ua/Add-On/current.php?package=sshd&model=DNS-327L), DNS-345 (http://dlink.vtverdohleb.org.ua/Add-On/current.php?package=sshd&model=DNS-345)