Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsSpark New ZealandSpark (or actually telecom) provided routers vulnerable to Shellshock?


43 posts

Geek
+1 received by user: 8


Topic # 153472 27-Sep-2014 22:24
Send private message

I have a ONT and a router provided by telecom for my fibre connection, are they vulnerable to the Shellshock bug?

I couldn't find any information on Spark's website.

Create new topic
2090 posts

Uber Geek
+1 received by user: 848


  Reply # 1142883 28-Sep-2014 09:28
One person supports this post
Send private message

Are either actually accessible to the internet?

You need a process that is internet accessible (apache etc) for it to actually be an issue externally.



43 posts

Geek
+1 received by user: 8


  Reply # 1142884 28-Sep-2014 09:32
Send private message

wasabi2k: Are either actually accessible to the internet?

You need a process that is internet accessible (apache etc) for it to actually be an issue externally.


i don't run web servers or anything but I do run things like BitTorrent and have configured port forwarding on the router, does that matter?

 
 
 
 


Try Wrike: fast, easy, and efficient project collaboration software
BDFL - Memuneh
60012 posts

Uber Geek
+1 received by user: 11112

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1142885 28-Sep-2014 09:42
One person supports this post
Send private message

He's asking if those processes run on the modem/router itself.




Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff) | Backblaze cloud backup (personal and business)My technology disclosure  

 

You can support content creators (and Geekzone) by using the Brave browser.



43 posts

Geek
+1 received by user: 8


  Reply # 1142887 28-Sep-2014 09:46
Send private message

freitasm: He's asking if those processes run on the modem/router itself.


thanks.

No, the BT client runs on a Windows machine, the router only does port forwarding.

4025 posts

Uber Geek
+1 received by user: 1076

Trusted

  Reply # 1142926 28-Sep-2014 12:35
One person supports this post
Send private message

My Guess: Probably not. Most embedded devices in the modem/router category don't tend to run full bash, they tend to run busybox due to its small footprint.
Of course there are exceptions to this, which is why this bug is a problem even for embedded devices.

If you can get a telnet or ssh session open, use bash --version or echo $BASH_VERSION to see if you have it

3143 posts

Uber Geek
+1 received by user: 565

Trusted

  Reply # 1143005 28-Sep-2014 16:11
2 people support this post
Send private message

I'd be more worried about the dynalink routers that a certain ~4th largest ISP in the country was sending out to customers for about 5 years with admin/admin credentials and the port 80 web admin accessible on the WAN interface, with the DSL username and password in plaintext on the ppp settings page sourcecode.




Ray Taylor
Taylor Broadband (rural hawkes bay)
www.ruralkiwi.com

There is no place like localhost
For my general guide to extending your wireless network Click Here

'That VDSL Cat'
7517 posts

Uber Geek
+1 received by user: 1492

Trusted
Spark
Subscriber

  Reply # 1143006 28-Sep-2014 16:13
Send private message

raytaylor: I'd be more worried about the dynalink routers that a certain ~4th largest ISP in the country was sending out to customers for about 5 years with admin/admin credentials and the port 80 web admin accessible on the WAN interface, with the DSL username and password in plaintext on the ppp settings page sourcecode.


dlinks were bad for this too :/




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.



43 posts

Geek
+1 received by user: 8


  Reply # 1143174 28-Sep-2014 22:07
Send private message

eXDee: My Guess: Probably not. Most embedded devices in the modem/router category don't tend to run full bash, they tend to run busybox due to its small footprint.
Of course there are exceptions to this, which is why this bug is a problem even for embedded devices.

If you can get a telnet or ssh session open, use bash --version or echo $BASH_VERSION to see if you have it

thanks for he information.

I didn't have luck getting telnet or ssh to work, I can get a telnet session but the user/password from the web interface doesn't work for telnet, ssh doesn't even connect.

Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

TCF and Telcos Toughen Up on Scam Callers
Posted 23-Apr-2018 09:39

Amazon launches the International Shopping Experience in the Amazon Shopping App
Posted 19-Apr-2018 08:38

Spark New Zealand and TVNZ to bring coverage of Rugby World Cup 2019
Posted 16-Apr-2018 06:55

How Google can seize Microsoft Office crown
Posted 14-Apr-2018 11:08

How back office transformation drives IRD efficiency
Posted 12-Apr-2018 21:15

iPod laws in a smartphone world: will we ever get copyright right?
Posted 12-Apr-2018 21:13

Lightbox service using big data and analytics to learn more about customers
Posted 9-Apr-2018 12:11

111 mobile caller location extended to iOS
Posted 6-Apr-2018 13:50

Huawei announces the HUAWEI P20 series
Posted 29-Mar-2018 11:41

Symantec Internet Security Threat Report shows increased endpoint technology risks
Posted 26-Mar-2018 18:29

Spark switches on long-range IoT network across New Zealand
Posted 26-Mar-2018 18:22

Stuff Pix enters streaming video market
Posted 21-Mar-2018 09:18

Windows no longer Microsoft’s main focus
Posted 13-Mar-2018 07:47

Why phone makers are obsessed with cameras
Posted 11-Mar-2018 12:25

New Zealand Adopts International Open Data Charter
Posted 3-Mar-2018 12:48


Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.