Subject: Protect Your Turbo NAS from Remote Attackers - Bash (Shellshock) Vulnerabilities
Release date: October 5, 2014
Severity rating: Critical
CVE number: CVE-2014-6271、CVE-2014-7169、 CVE-2014-6277、CVE-2014-6278、CVE-2014-7186 and CVE-2014-7187
Affected product: All Turbo NAS models except TS-100, TS-101, TS-200
GNU Bash security vulnerabilities (CVE-2014-6271、CVE-2014-7169、 CVE-2014-6277、CVE-2014-6278、CVE-2014-7186 , and CVE-2014-7187), also known as “Shellshock,” might allow remote attackers to inject malicious code via specially-crafted environment variables and run commands from the Bash shell on UNIX/Linux-based systems, including the Turbo NAS.
QTS version 4.1.1 Build 1003 has integrated the official GNU Bash patches to fix these vulnerabilities. Users are strongly advised to update their Turbo NAS units to this QTS version through live update or download the QTS update file from the Download Center (http://www.qnap.com/download).
QTS 4.1.1 Build 1003 can be directly applied in the following two ways:
1. Live Update
Go to QTS -> Control Panel -> Firmware Update > Live Update
2. Manual Update
- Select your model and download the QTS from the QNAP website (http://www.qnap.com/download)
- Decompress the ZIP file.
- Go to QTS -> Control Panel ->Firmware Update- > Firmware Update Tab
Note: An update will be provided later for the following cases:
- For users who wish to continue to use QTS 4.0 and 3.8
- For QNAP TS-109/209/409/409U NAS series owners
If you have any questions regarding this issue, please contact us at http://helpdesk.qnap.com/
Welcome note and must-know for QNAP Forum members.
1 post • Page 1 of 1
- QNAP Staff
- Posts: 5400
- Joined: Thu May 21, 2009 2:14 pm
- Location: Taipei