Shell Shock : Updating Bash on WD MyCloud
|
Directions
| Shell Shock is affecting millions of OS installations using Bash, among those are Western Digital MyCLoud HDD For the time being they responded: "WD¢s My Cloud family of personal cloud products is potentially susceptible to the BASH/ Shellshock vulnerability. WD¢s default software configuration and typical deployment for My Cloud devices lowers the risk to this threat. WD takes this threat seriously and is working on a patch to address this issue." Since WD is yet to provide a firmware update we have to do it ourselves against Shell Shock Bash exploit  http://community.wd.com/t5/user/viewprofilepage/user-id/309429 and here we go via SSH * Backup your sources.list CODE cp /etc/apt/sources.list /etc/apt/sources.list.bak * Edit sources.list to have the correct source CODE echo deb http://ftp.us.debian.org/debian/ jessie main > /etc/apt/sources.list * Update the package list CODE apt-get update * Get bash 4.3-9.1 package CODE apt-get install --only-upgrade bash * Install the package CODE sudo dpkg -i --force-overwrite /var/cache/apt/archives/bash_4.3-9.2_armhf.deb * Move back your original sources.list CODE mv -f /etc/apt/sources.list.bak /etc/apt/sources.list PS: when installing the package, if it outputs "no file found", then the bash version might have changed (updated). If so just check which file is downloaded and use that instead. Use the following command to see which bash package was downloaded: CODE ls /var/cache/apt/archives/  Source : http://community.wd.com/t5/WD-My-Cloud/Shellshock-expolit-vulnerability/m-p/803133 |