NETGEAR updated both the SPARC and x86 based ReadyNAS firmware lines to address the vulnerability (i.e. 4.1.12 and 4.2.24).
The models listed with the firmware updates are as follows:
ReadyNAS NV+ v1, ReadyNAS Duo v1, ReadyNAS 1100, ReadyNAS 1500, ReadyNAS 2100, ReadyNAS 3100, ReadyNAS 3200, ReadyNAS 4200, ReadyNAS Ultra 2/Plus, ReadyNAS Ultra 4/Plus, ReadyNAS Ultra 6/Plus, ReadyNAS Pro 2, ReadyNAS Pro 4, ReadyNAS Pro 6, ReadyNAS Pro Business Edition, ReadyNAS Pro Pioneer Edition, ReadyNAS NVX, ReadyNAS NVX Pioneer Edition
How hard would it be to write a program to find vulnerable boxes and force a patch via the exploit?
From a strictly technical perspective, this particular vulnerability is in fact not hard at all to exploit and deliver a fix. diff: http://pastebin.com/aWCwdnhL
We didn't actually make such a tool but VERT did discuss the possibility.
Don't expose Frontview on any ReadyNAS to an untrusted network.
FYI - 4.1.12 : http://www.readynas.com/?p=6999 "Updated Frontview to fix security issues."
Amen.