12/16/2014

#shellshock if you haven't patched your QNAP servers you will get hacked

Some cloud providers have been hacked over the last few days.

This is an alert; read more on the problem by following the link.

"Shellshock is far from "over", with many devices still not patched and out there ready for exploitation. One set of the devices receiving a lot of attention recently are QNAP disk storage systems. QNAP released a patch in early October, but applying the patch is not automatic and far from trivial for many users[1]. Our reader Erich submitted a link to an interesting Pastebin post with code commonly used in these scans [2].

The attack targets a QNAP CGI script, "/cgi-bin/authLogin.cgi", a well-known vector for Shellshock on QNAP devices [3]. This script is called during login, and reachable without authentication. The exploit is then used to launch a simple shell script that will download and execute a number of additional pieces of malware:"
https://isc.sans.edu/forums/diary/Worm+Backdoors+and+Secu...

And this comment shows why automatic patching is so important:

"I have one of the affected units. In the firmware update section of the admin interface, the closest thing I can find for an auto-updater is a checkbox that reads, "Automatically check if a new version is available when logging into the NAS web administration interface." From there, you have to manually tell the system to update -- as far as I can tell, there is no option to automatically update the unit. And the manufacturer doesn't send out emails to notify users when there is an update."
http://arstechnica.com/security/2014/12/worm-exploits-nas...
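
A log check for the vector described in the quoted diary, added here as an example (it is not code from the SANS diary, the Pastebin post or QNAP): it scans combined-format web access logs for the Shellshock function-definition marker in logged headers and notes whether the request went to /cgi-bin/authLogin.cgi. The log format, the sample lines and the function name are assumptions constructed for illustration.

```python
import re

# Shellshock payloads start with a bash function definition, "() {", placed in
# a header that the web server copies into the CGI environment.
SHELLSHOCK_MARKER = re.compile(r"\(\s*\)\s*\{")
TARGET_PATH = "/cgi-bin/authLogin.cgi"  # path named in the quoted diary

# Assumed "combined" log format:
# ip - user [time] "request" status size "referer" "user-agent"
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"'
)

def find_shellshock_probes(lines):
    """Return (ip, time, uri, field, hits_target) per marker found in a logged header."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        path = m.group("uri").split("?", 1)[0]
        for field in ("referer", "agent"):
            if SHELLSHOCK_MARKER.search(m.group(field)):
                findings.append((m.group("ip"), m.group("time"), m.group("uri"),
                                 field, path == TARGET_PATH))
    return findings

# Constructed sample lines (documentation IP ranges, harmless echo placeholder).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Dec/2014:03:12:45 +0000] "GET /cgi-bin/authLogin.cgi HTTP/1.1" 200 512 "-" "() { :; }; /bin/echo constructed-sample"',
    '198.51.100.7 - - [14/Dec/2014:03:13:02 +0000] "GET /cgi-bin/authLogin.cgi HTTP/1.1" 200 498 "-" "Mozilla/5.0 (Windows NT 6.1) Gecko/20100101 Firefox/34.0"',
    '203.0.113.5 - - [14/Dec/2014:03:14:30 +0000] "GET /index.html HTTP/1.1" 200 1024 "(){ :;}; /bin/echo constructed-sample" "curl/7.38.0"',
]

if __name__ == "__main__":
    for ip, when, uri, field, hits_target in find_shellshock_probes(SAMPLE_LOG):
        tag = "QNAP login CGI" if hits_target else "other path"
        print(f"{when} {ip} {uri} marker in {field} ({tag})")
```

Combined-format logs record only the Referer and User-Agent headers, so a marker sent in any other header will not show up here, and an empty result does not show that the device was never probed.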
