If you have one of the QNAPs listed below, which is pretty much all of them, follow the instructions and update your firmware immediately. The 4.1.1 build 0927 update fixes a Unix-Linux Bash vulnerability called Shellshock. QNAP’s QTS is based on a Linux platform. To install, download and then go to Firmware Update within you QTS control panel.
QNAP Releases New QTS for the Turbo NAS with Fix on GNU Bash Environment Variable Command Injection Vulnerability
Taipei, Taiwan, September 29, 2014 – QNAP® Systems, Inc. today released a new version of QTS for its Turbo NAS lineup, fixing the GNU Bash Environment Variable Command Injection Vulnerability (CVE-2014-6271 and CVE-2014-7169), also known as “Shellshock,” that can allow attackers to gain remote control over UNIX/Linux-based systems. The Turbo NAS may also be affected under certain conditions.
QNAP’s security lab has verified the QTS version 4.1.1 Build 0927 and confirmed it has fixed the CVE-2014-6271 and CVE-2014-7169 vulnerability. Users are strongly advised to update their Turbo NAS units to this QTS version.
As the GNU Bash still have potential issues on CVE-2014-6277, which is not confirmed to be solved yet, QNAP will keep on watching the solution provided by GNU and release the corresponding hot fixes.
QTS 4.1.1 Build 0927 is now available for update directly on the Turbo NAS management interface (QTS) and on QNAP’s official download site (http://www.qnap.com/download) for the following Turbo NAS models:
* TS-EC880 Pro, TS-EC1080 Pro, TS-EC880U-RP, TS-EC1280U-RP, TS-EC1680U-RP, TS-EC2480U-RP
* TS-879 Pro, TS-1079 Pro, TS-879U-RP/EC879U-RP , TS-1279U-RP/EC1279U-RP, TS-1679U-RP/EC1679U-RP, SS-EC1279U-SAS-RP, SS-EC1879U-SAS-RP, SS-EC2479U-SAS-RP
* TS-470, TS-470 Pro, TS-670, TS-670 Pro, TS-870, TS-870 Pro
* TS-1270U-RP, TS-870U-RP, TS-1269U-RP,TS-869U-RP, TS-269 Pro/269L, TS-469 Pro/469L, TS-469U-RP/SP, TS-569 Pro/569L, TS-669 Pro/669L, TS-869 Pro/869L
* SS-453 Pro, SS-853 Pro, TS-253 Pro, TS-453 Pro, TS-653 Pro, TS-853 Pro
* TS-251, TS-451, TS-651, TS-851
* HS-210, HS-251, IS-400 Pro
* TS-121, TS-221, TS-421, TS-421U
* TS-120, TS-220, TS-420, TS-420U
* TS-119/119P+/119P II, TS-219/219P/219P+/219P II, TS-419P/419P+/419P II, TS-419U/419U+/419U II
* TS-259 Pro/259 Pro+, TS-459 Pro/459 Pro+/459 Pro II, TS-459U-RP/SP/459U-RP+/SP+, TS-509 Pro, TS-559 Pro/559 Pro+/559 Pro II, TS-659 Pro/659 Pro+/659 Pro II, TS-859 Pro/859 Pro+, TS-859U/859U+
* SS-439 Pro, SS-839 Pro, TS-239 Pro, TS-239H, TS-239 Pro II, TS-239 Pro II+, TS-439 Pro, TS-439 Pro II, TS-439 Pro II+, TS-439U RP/SP, TS-639 Pro
* TS-110, TS-210, TS-410, TS-410U
* TS-112, TS-212/212P/212-E, TS-412, TS-412U
* TS-809 Pro, TS-809U-RP
Users with further questions can contact QNAP Technical Support at:
QNAP Systems, Inc., as its brand promise “Quality Network Appliance Provider”, aims to deliver comprehensive offerings of cutting edge network attached storage (NAS) and network video recorder (NVR) solutions featured with ease-of-use, robust operation, large storage capacity, and trustworthy reliability. QNAP integrates technologies and designs to bring forth quality products that effectively improve business efficiency on file sharing, virtualization applications, storage management and surveillance in the business environments, as well as enrich entertainment life for home users with the offering of a fun multimedia center experience. Headquartered in Taipei, QNAP delivers its solutions to the global market with nonstop innovation and passion.