September 26, 201411 yr Easiest way would be a 5.0.6 Version and hopefully it comes quickly because unRaid is affected.
September 26, 201411 yr Is there any way to lock down a system in the mean time to help restrict access from a worm attack?
September 26, 201411 yr Unraid is not meant to be directly exposed to the internet anyway. It should have a private ip, and there should be no ports forwarded to unraids address in your router, unless you know exactly what you are doing, in which case you can patch bash yourself.
September 26, 201411 yr Unraid is not meant to be directly exposed to the internet anyway. It should have a private ip, and there should be no ports forwarded to unraids address in your router, unless you know exactly what you are doing, in which case you can patch bash yourself. This makes the assumption that all the people that will ever connect to the network that unRAID is on will have good intentions, which is not a good thing to assume.
September 26, 201411 yr Unraid is not meant to be directly exposed to the internet anyway. It should have a private ip, and there should be no ports forwarded to unraids address in your router, unless you know exactly what you are doing, in which case you can patch bash yourself. This makes the assumption that all the people that will ever connect to the network that unRAID is on will have good intentions, which is not a good thing to assume. Unraid is not hardened, at all. It shouldn't be on a publicly accessible network segment, period. If you can't trust the people in your household not to hack your server, you have other issues besides technology. Now, if you are a networking professional, and have experience with evaluating network security and such, it's a different matter, and as I said, you can do all the necessary and prudent things to allow public access to specific parts of an unraid box. If you are asking how to patch bash, you shouldn't be putting your unraid box in an environment where it could be hacked because you don't have the knowledge to evaluate the other risks. I'm not trying to be a jerk, and I'm sorry if you take it that way, I'm just trying to keep people's data safe.
September 26, 201411 yr That unRaid uses Telnet without authentification says it all. Nevertheless the bug in bash is serious and should be patched asap with a new version of unRaid. Doesn't matter if the server is accessible to the public or not. Period.
September 26, 201411 yr But it does make me even happier to be using a VM for torrents and plex that way my router points at the VM IP and not unRaids IP. And Arch VM already has the newest (read 2nd) Bash patch in the repo.
September 26, 201411 yr This bug has been around for a very long time. As far as I've read. The vulnerability affects versions 1.14 through 4.3 of GNU Bash. The issue is that script kiddies will attempt to use it as a method to gain entry. All devices that have used linux, bash and accept user input are candidates. While later versions of slackware have pre-compiled patched bash packages, It seems the unRAID slackware version does not. Maybe someone knows of a location for a patched & compiled slackware bash package.
September 26, 201411 yr More reading here. http://www.symantec.com/connect/blogs/shellshock-all-you-need-know-about-bash-bug-vulnerability-0
September 26, 201411 yr Maybe someone knows of a location for a patched & compiled slackware bash package. Is this it? http://packetstormsecurity.com/files/128406/SSA-2014-267-01.txt
September 26, 201411 yr Unraid is not meant to be directly exposed to the internet anyway. It should have a private ip, and there should be no ports forwarded to unraids address in your router, unless you know exactly what you are doing, in which case you can patch bash yourself. This makes the assumption that all the people that will ever connect to the network that unRAID is on will have good intentions, which is not a good thing to assume. I'm less worried about people trying to connect at all. If you have a device that is exposed to the Internet (i.e. router) that gets infected, it could automatically propagate with a worm. This is why it is important to patch.
September 26, 201411 yr Unraid is not meant to be directly exposed to the internet anyway. It should have a private ip, and there should be no ports forwarded to unraids address in your router, unless you know exactly what you are doing, in which case you can patch bash yourself. This makes the assumption that all the people that will ever connect to the network that unRAID is on will have good intentions, which is not a good thing to assume. I'm less worried about people trying to connect at all. If you have a device that is exposed to the Internet (i.e. router) that gets infected, it could automatically propagate with a worm. This is why it is important to patch. That's my concern also.
September 26, 201411 yr For those running dd-wrt on their routers, this should be relevant. http://www.dd-wrt.com/phpBB2/viewtopic.php?p=919362
Archived
This topic is now archived and is closed to further replies.