Shell Shock : Updating Bash on WD MyCloud, Last Updated: Today, 12:51 PM |
|
|||||||||
Shell Shock : Updating Bash on WD MyCloud, Last Updated: Today, 12:51 PM |
1 Oct 2014, 11:51 AM
Post
#1
|
|
Administrator Group: Admin Posts: 111169 Joined: 3-June 05 From: Athens, Greece Member No.: 1 Zodiac Sign: Gender: |
Tutorial Name: Shell Shock : Updating Bash on WD MyCloud Author Name: NickTheGreek Submitted: Today, 12:51 PM Last Updated: 1 Oct 2014 Category: YourForum Tutorials updating Debian on WD MyCloud via SSH View Tutorial -------------------- |
|
1 Oct 2014, 11:52 AM
Post
#2
|
|
Administrator Group: Admin Posts: 111169 Joined: 3-June 05 From: Athens, Greece Member No.: 1 Zodiac Sign: Gender: |
Shell Shock is affecting millions of OS installations using Bash, among those are Western Digital MyCLoud HDD
For the time being they responded: "WD¢s My Cloud family of personal cloud products is potentially susceptible to the BASH/ Shellshock vulnerability. WD¢s default software configuration and typical deployment for My Cloud devices lowers the risk to this threat. WD takes this threat seriously and is working on a patch to address this issue." Since WD is yet to provide a firmware update we have to do it ourselves against Shell Shock Bash exploit http://community.wd.com/t5/user/viewprofilepage/user-id/309429 and here we go via SSH * Backup your sources.list CODE cp /etc/apt/sources.list /etc/apt/sources.list.bak * Edit sources.list to have the correct source CODE echo deb http://ftp.us.debian.org/debian/ jessie main > /etc/apt/sources.list * Update the package list CODE apt-get update * Get bash 4.3-9.1 package CODE apt-get install --only-upgrade bash * Install the package CODE sudo dpkg -i --force-overwrite /var/cache/apt/archives/bash_4.3-9.2_armhf.deb * Move back your original sources.list CODE mv -f /etc/apt/sources.list.bak /etc/apt/sources.list PS: when installing the package, if it outputs "no file found", then the bash version might have changed (updated). If so just check which file is downloaded and use that instead. Use the following command to see which bash package was downloaded: CODE ls /var/cache/apt/archives/ Source : http://community.wd.com/t5/WD-My-Cloud/Shellshock-expolit-vulnerability/m-p/803133
-------------------- |
|
1 Oct 2014, 12:05 PM
Post
#3
|
|
Administrator Group: Admin Posts: 111169 Joined: 3-June 05 From: Athens, Greece Member No.: 1 Zodiac Sign: Gender: |
you can always check if things are alright afterwards:
CODE env x='() { :;}; echo vulnerable' bash -c 'echo hello' and if all steps are successful: -------------------- |
|
Lo-Fi Version | Time is now: 30th March 2024 - 08:57 AM |
Skin and Graphics by Dan Ellis and Anubis. Hosting by Forums & More © 2005-2011. |