PHP / POODLE Vulns

Con7undrum · Post by **Con7undrum** » 29 Oct 2014 22:34

Just ran a quick vuln scan and noticed that my NAS4Free (9.2.0.1 - Shigawire (revision 972)) has a few vulnerabilities. Namely, PHP and POODLE. I did a quick scan of the forums and saw a mention back in July about waiting for someone to update the PHP source files but nothing more. Are there any timelines for patching them? Does anyone know if there's a way to "upgrade" or patch the PHP binaries on a NAS4Free box?

TL;DR - NAS4Free has several PHP vulns and is vuln to POODLE. Are there ETAs for updates / patches?

Post by **raulfg3** » 30 Oct 2014 08:00

yes, PHP are patched on latest releases , you only need that this releases are compiled and uploaded or install from source to avoid vulneravilities.

http://sourceforge.net/p/nas4free/code/commit_browser

Con7undrum · Post by **Con7undrum** » 30 Oct 2014 10:51

Awesome! Ok, one more dumb question - is there a guide to compile / install the embedded version with the latest releases? Or instructions on how to install from source?

Con7undrum · Post by **Con7undrum** » 30 Oct 2014 14:02

NVM - Google is your friend.

http://wiki.nas4free.org/doku.php?id=do ... om_scratch

Con7undrum · Post by **Con7undrum** » 31 Oct 2014 02:30

Apparently I was mistaken...the guide appears to not quite work the way I was expecting. Is there a more current or up-to-date guide / instruction set?

XigmaNAS

PHP / POODLE Vulns

PHP / POODLE Vulns

Re: PHP / POODLE Vulns

Re: PHP / POODLE Vulns

Re: PHP / POODLE Vulns

Re: PHP / POODLE Vulns