Welcome Guest ( Log In | Register )


 
Reply to this topicStart new topic
> Shell Shock : Updating Bash on WD MyCloud, Last Updated: Today, 12:51 PM
NickTheGreek
post 1 Oct 2014, 11:51 AM
Post #1


Administrator
Group Icon

Group: Admin
Posts: 111157
Joined: 3-June 05
From: Athens, Greece
Member No.: 1
Zodiac Sign: I'm a leo!
Gender: I'm a m!



Shell Shock : Updating Bash on WD MyCloud


Tutorial Name: Shell Shock : Updating Bash on WD MyCloud

Author Name: NickTheGreek

Submitted: Today, 12:51 PM

Last Updated: 1 Oct 2014

Category: YourForum Tutorials


updating Debian on WD MyCloud via SSH


View Tutorial


--------------------

c:\ When the going gets tough, the tough get going ...
Go to the top of the page
 
Bookmark this: Post to Del.icio.usPost to DiggPost to FacebookPost to GooglePost to SlashdotPost to StumbleUponPost to TechnoratiPost to YahooMyWeb
+Quote Post
NickTheGreek
post 1 Oct 2014, 11:52 AM
Post #2


Administrator
Group Icon

Group: Admin
Posts: 111157
Joined: 3-June 05
From: Athens, Greece
Member No.: 1
Zodiac Sign: I'm a leo!
Gender: I'm a m!



Shell Shock is affecting millions of OS installations using Bash, among those are Western Digital MyCLoud HDD

For the time being they responded:

"WD¢s My Cloud family of personal cloud products is potentially susceptible to the BASH/ Shellshock vulnerability. WD¢s default software configuration and typical deployment for My Cloud devices lowers the risk to this threat. WD takes this threat seriously and is working on a patch to address this issue."

Since WD is yet to provide a firmware update we have to do it ourselves against Shell Shock Bash exploit

extra.info.png

http://community.wd.com/t5/user/viewprofilepage/user-id/309429

and here we go via SSH

* Backup your sources.list

CODE
cp /etc/apt/sources.list /etc/apt/sources.list.bak


* Edit sources.list to have the correct source

CODE
echo deb http://ftp.us.debian.org/debian/ jessie main > /etc/apt/sources.list


* Update the package list

CODE
apt-get update


* Get bash 4.3-9.1 package

CODE
apt-get install --only-upgrade bash


* Install the package

CODE
sudo dpkg -i --force-overwrite /var/cache/apt/archives/bash_4.3-9.2_armhf.deb


* Move back your original sources.list

CODE
mv -f /etc/apt/sources.list.bak /etc/apt/sources.list


PS: when installing the package, if it outputs "no file found", then the bash version might have changed (updated). If so just check which file is downloaded and use that instead. Use the following command to see which bash package was downloaded:

CODE
ls /var/cache/apt/archives/


Source : http://community.wd.com/t5/WD-My-Cloud/Shellshock-expolit-vulnerability/m-p/803133


--------------------

c:\ When the going gets tough, the tough get going ...
Go to the top of the page
 
+Quote Post
NickTheGreek
post 1 Oct 2014, 12:05 PM
Post #3


Administrator
Group Icon

Group: Admin
Posts: 111157
Joined: 3-June 05
From: Athens, Greece
Member No.: 1
Zodiac Sign: I'm a leo!
Gender: I'm a m!



you can always check if things are alright afterwards:

CODE
env x='() { :;}; echo vulnerable' bash -c 'echo hello'


and if all steps are successful:



--------------------

c:\ When the going gets tough, the tough get going ...
Go to the top of the page
 
+Quote Post

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 



RSS Lo-Fi Version Time is now: 28th March 2024 - 02:40 PM
Skin and Graphics by Dan Ellis and Anubis. Hosting by Forums & More © 2005-2011.
InvisionGames - Your #1 Arcade Games Repository | AllSigs - Signatures for all | Rock Band + Guitar Hero = RockHero ! | The Remoters - Remote Assistance | FileMiners - You ask, We find