- Odpowiedzi: 1
- ·
- TS-x77
- ·
- 1 GbE
- ·
- 5.1.5
Security Advisory for Turbo NAS Users
September 26, 2014
Dear customers,
This week there was a serious security flaw discovered for many Unix and Linux-based systems (CVE-2014-6271). QNAP® Systems, Inc. has been looking into the recent concerns over potential Bash code injection (CVE-2014-6271) that can lead to security vulnerabilities on the Turbo NAS and other Unix/Linux-based systems. A partial solution for CVE-2014-6271 exists but may result in another security vulnerability (CVE-2014-7169). QNAP is actively working on a solution for this issue, but in the meantime encourages all Turbo NAS users to take the following immediate actions to avoid any possible exploitation of their system.
As a temporary measure until a solution is released for this issue, please ensure that the following services of the Turbo NAS are disconnected from the Internet:
September 26, 2014
Dear customers,
This week there was a serious security flaw discovered for many Unix and Linux-based systems (CVE-2014-6271). QNAP® Systems, Inc. has been looking into the recent concerns over potential Bash code injection (CVE-2014-6271) that can lead to security vulnerabilities on the Turbo NAS and other Unix/Linux-based systems. A partial solution for CVE-2014-6271 exists but may result in another security vulnerability (CVE-2014-7169). QNAP is actively working on a solution for this issue, but in the meantime encourages all Turbo NAS users to take the following immediate actions to avoid any possible exploitation of their system.
As a temporary measure until a solution is released for this issue, please ensure that the following services of the Turbo NAS are disconnected from the Internet:
- Web administration
- Web server
- WebDAV
- Photo Station, Music Station, File Station, and any other NAS app that uses a web-based interface
- Login to QTS and disable the Web Server in Applications
- Login to QTS and disable the secure connection (SSL) in General Settings
- Disable NAS web administration using a SSH utility (such as putty):
- Connect to the Turbo NAS with admin username and password
- Type the following command and hit the “Enter” key:
Bash:/etc/init.d/thttpd.sh stop
- Restart the Turbo NAS, or
- Manually start the web administration via SSH by typing the following command:
Bash:/etc/init.d/thttpd.sh start