maccabbi Posted September 26, 2014 Share Posted September 26, 2014 Whats the best way to patch bash on unraid 5.0.5? Link to comment
darkside40 Posted September 26, 2014 Share Posted September 26, 2014 Easiest way would be a 5.0.6 Version and hopefully it comes quickly because unRaid is affected. Link to comment
lallhands Posted September 26, 2014 Share Posted September 26, 2014 Is there any way to lock down a system in the mean time to help restrict access from a worm attack? Link to comment
JonathanM Posted September 26, 2014 Share Posted September 26, 2014 Unraid is not meant to be directly exposed to the internet anyway. It should have a private ip, and there should be no ports forwarded to unraids address in your router, unless you know exactly what you are doing, in which case you can patch bash yourself. Link to comment
sureguy Posted September 26, 2014 Share Posted September 26, 2014 Unraid is not meant to be directly exposed to the internet anyway. It should have a private ip, and there should be no ports forwarded to unraids address in your router, unless you know exactly what you are doing, in which case you can patch bash yourself. This makes the assumption that all the people that will ever connect to the network that unRAID is on will have good intentions, which is not a good thing to assume. Link to comment
JonathanM Posted September 26, 2014 Share Posted September 26, 2014 Unraid is not meant to be directly exposed to the internet anyway. It should have a private ip, and there should be no ports forwarded to unraids address in your router, unless you know exactly what you are doing, in which case you can patch bash yourself. This makes the assumption that all the people that will ever connect to the network that unRAID is on will have good intentions, which is not a good thing to assume. Unraid is not hardened, at all. It shouldn't be on a publicly accessible network segment, period. If you can't trust the people in your household not to hack your server, you have other issues besides technology. Now, if you are a networking professional, and have experience with evaluating network security and such, it's a different matter, and as I said, you can do all the necessary and prudent things to allow public access to specific parts of an unraid box. If you are asking how to patch bash, you shouldn't be putting your unraid box in an environment where it could be hacked because you don't have the knowledge to evaluate the other risks. I'm not trying to be a jerk, and I'm sorry if you take it that way, I'm just trying to keep people's data safe. Link to comment
darkside40 Posted September 26, 2014 Share Posted September 26, 2014 That unRaid uses Telnet without authentification says it all. Nevertheless the bug in bash is serious and should be patched asap with a new version of unRaid. Doesn't matter if the server is accessible to the public or not. Period. Link to comment
jumperalex Posted September 26, 2014 Share Posted September 26, 2014 But it does make me even happier to be using a VM for torrents and plex that way my router points at the VM IP and not unRaids IP. And Arch VM already has the newest (read 2nd) Bash patch in the repo. Link to comment
WeeboTech Posted September 26, 2014 Share Posted September 26, 2014 This bug has been around for a very long time. As far as I've read. The vulnerability affects versions 1.14 through 4.3 of GNU Bash. The issue is that script kiddies will attempt to use it as a method to gain entry. All devices that have used linux, bash and accept user input are candidates. While later versions of slackware have pre-compiled patched bash packages, It seems the unRAID slackware version does not. Maybe someone knows of a location for a patched & compiled slackware bash package. Link to comment
WeeboTech Posted September 26, 2014 Share Posted September 26, 2014 More reading here. http://www.symantec.com/connect/blogs/shellshock-all-you-need-know-about-bash-bug-vulnerability-0 Link to comment
eroz Posted September 26, 2014 Share Posted September 26, 2014 Maybe someone knows of a location for a patched & compiled slackware bash package. Is this it? http://packetstormsecurity.com/files/128406/SSA-2014-267-01.txt Link to comment
WeeboTech Posted September 26, 2014 Share Posted September 26, 2014 That looks to be it. Thanks! Link to comment
lallhands Posted September 26, 2014 Share Posted September 26, 2014 Unraid is not meant to be directly exposed to the internet anyway. It should have a private ip, and there should be no ports forwarded to unraids address in your router, unless you know exactly what you are doing, in which case you can patch bash yourself. This makes the assumption that all the people that will ever connect to the network that unRAID is on will have good intentions, which is not a good thing to assume. I'm less worried about people trying to connect at all. If you have a device that is exposed to the Internet (i.e. router) that gets infected, it could automatically propagate with a worm. This is why it is important to patch. Link to comment
WeeboTech Posted September 26, 2014 Share Posted September 26, 2014 Unraid is not meant to be directly exposed to the internet anyway. It should have a private ip, and there should be no ports forwarded to unraids address in your router, unless you know exactly what you are doing, in which case you can patch bash yourself. This makes the assumption that all the people that will ever connect to the network that unRAID is on will have good intentions, which is not a good thing to assume. I'm less worried about people trying to connect at all. If you have a device that is exposed to the Internet (i.e. router) that gets infected, it could automatically propagate with a worm. This is why it is important to patch. That's my concern also. Link to comment
jumperalex Posted September 26, 2014 Share Posted September 26, 2014 For those running dd-wrt on their routers, this should be relevant. http://www.dd-wrt.com/phpBB2/viewtopic.php?p=919362 Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.