« previous next »
Pages: [1]

Author Topic: Bash Vulnerability  (Read 3654 times)

farcusnz

  • Calf
  • *
  • Posts: 21
Bash Vulnerability
« on: September 26, 2014, 07:38:17 PM »
Will Buffalo be releasing patched firmware for Linkstation NAS devices to address the BASH vulnerability (Shellshock)?
Specifically in my case in regards to Linkstation LS-CHL devices.
Logged

tilbert

  • Calf
  • *
  • Posts: 1
Re: Bash Vulnerability
« Reply #1 on: September 27, 2014, 01:38:04 PM »
Please make available the patched busybox executable.
Logged

farcusnz

  • Calf
  • *
  • Posts: 21
Re: Bash Vulnerability
« Reply #2 on: October 09, 2014, 06:50:40 AM »
bump
Logged

joma90

  • VIP
  • *
  • Posts: 552
  • Life would be easy if we only had the source code!
    • Let me show you how to google
Re: Bash Vulnerability
« Reply #3 on: October 09, 2014, 10:22:27 AM »
So in honest opinion. I hope they do but i all honesty, if you unit isnt on the site. It will probably not get the release for it. Buffalo and like most other companies will only software releases and updates if its not EOL, (end of life), LS-CHL was EOL long time ago. Though Buffalo is one of the few companies what will get you techsupport still for eol, or out of warranty. Releasing a fix for it will be a long shot.
 if its a V2 you can use the downloads from the ls-wvl (linkstation Pro).

This is just something i have notice over the years of talking with companies.
Logged
Units I own: TS-XL, TS-WXL, LS-WVL, TS-RXL,  TS5400, TS-RVHL,

I don't work for Buffalo but i do love there products enough to help people

farcusnz

  • Calf
  • *
  • Posts: 21
Re: Bash Vulnerability
« Reply #4 on: November 23, 2014, 07:59:04 PM »
Buffalo (Europe) have released a firmware update (ver 1.69) for the following Linkstation devices

Quote
LS-XHL,LS-CHL,LS-WXL,LS-WSXL,LS-SL,LS-AVL,LS-VL,LS-
WVL,LS-QVL,LS-XL,LS-YL,LS-WXBL

to address

Quote
- Modified to deal with vulnerabilities of Bash programming which allows
remote attackers to execute arbitrary commands (CVE-2014-6271 and CVE-
2014-7169).

So I guess anyone that runs one of these devices should probably download from Buffalo Europe and install.
Interesting that Buffalo North America haven't seen fit to update.

edit: as fas as LS-CHL is concerned the update is only available for LS-CHLv2
« Last Edit: November 23, 2014, 08:02:32 PM by farcusnz »
Logged

ClodeRunner

  • Guest
Re: Bash Vulnerability
« Reply #5 on: November 24, 2014, 06:00:01 AM »
Hello,

Just upgraded without any issue on MacOS Yosemite.
Logged

farcusnz

  • Calf
  • *
  • Posts: 21
Re: Bash Vulnerability
« Reply #6 on: November 24, 2014, 06:52:22 AM »
should probably point out that the firmware is available on the North American website - it just isn't listed as being available for LS-CHL devices (except in the readme)

Windows
http://www.buffalotech.com/support-and-downloads/download/ls_series-169.zip

Mac
http://www.buffalotech.com/support-and-downloads/download/ls_series-169_fwmac.dmg

Readme / Changelog
http://www.buffalotech.com/support-and-downloads/download/ls_series-169_readme_en.txt
Logged
Pages: [1]
« previous next »