News:

Buffalo provides Data Recovery services. Read about it here.

Main Menu

Bash Vulnerability

Started by farcusnz, September 26, 2014, 07:38:17 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

farcusnz

September 26, 2014, 07:38:17 PM
Will Buffalo be releasing patched firmware for Linkstation NAS devices to address the BASH vulnerability (Shellshock)?
Specifically in my case in regards to Linkstation LS-CHL devices.

tilbert

#1
September 27, 2014, 01:38:04 PM
Please make available the patched busybox executable.

joma90

#3
October 09, 2014, 10:22:27 AM
So in honest opinion. I hope they do but i all honesty, if you unit isnt on the site. It will probably not get the release for it. Buffalo and like most other companies will only software releases and updates if its not EOL, (end of life), LS-CHL was EOL long time ago. Though Buffalo is one of the few companies what will get you techsupport still for eol, or out of warranty. Releasing a fix for it will be a long shot.
if its a V2 you can use the downloads from the ls-wvl (linkstation Pro).

This is just something i have notice over the years of talking with companies.
Units I own: TS-XL, TS-WXL, LS-WVL, TS-RXL,  TS5400, TS-RVHL,

I don't work for Buffalo but i do love there products enough to help people

farcusnz

#4
November 23, 2014, 07:59:04 PM Last Edit: November 23, 2014, 08:02:32 PM by farcusnz
Buffalo (Europe) have released a firmware update (ver 1.69) for the following Linkstation devices

QuoteLS-XHL,LS-CHL,LS-WXL,LS-WSXL,LS-SL,LS-AVL,LS-VL,LS-
WVL,LS-QVL,LS-XL,LS-YL,LS-WXBL

to address

Quote
- Modified to deal with vulnerabilities of Bash programming which allows
remote attackers to execute arbitrary commands (CVE-2014-6271 and CVE-
2014-7169).

So I guess anyone that runs one of these devices should probably download from Buffalo Europe and install.
Interesting that Buffalo North America haven't seen fit to update.

edit: as fas as LS-CHL is concerned the update is only available for LS-CHLv2

ClodeRunner

#5
November 24, 2014, 06:00:01 AM
Hello,

Just upgraded without any issue on MacOS Yosemite.

farcusnz

#6
November 24, 2014, 06:52:22 AM
should probably point out that the firmware is available on the North American website - it just isn't listed as being available for LS-CHL devices (except in the readme)

Windows
http://www.buffalotech.com/support-and-downloads/download/ls_series-169.zip

Mac
http://www.buffalotech.com/support-and-downloads/download/ls_series-169_fwmac.dmg

Readme / Changelog
http://www.buffalotech.com/support-and-downloads/download/ls_series-169_readme_en.txt
Print
Go Up Pages1
User actions
Browser ID: smf (is_webkit)
Templates: 4: index (default), Display (default), GenericControls (default), GenericControls (default).
Sub templates: 6: init, html_above, body_above, main, body_below, html_below.
Language files: 5: index+Modifications.english (default), Post.english (default), Editor.english (default), Drafts.english (default), StopForumSpam.english (default).
Style sheets: 4: index.css, attachments.css, jquery.sceditor.css, responsive.css.
Hooks called: 252 (show)
Files included: 35 - 1354KB. (show)
Memory used: 1041KB.
Tokens: post-login.
Queries used: 19.

[Show Queries]