Remote vulnerability bash package

bug description:

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

I tried testing my WDcloud (firmware v04.00.01-623):

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

And my result:

"vulnerable

this is a test"

Do you have any idea how to fix the vulnerability, without breaking the cloud system?

WD’s My Cloud family of personal cloud products is potentially susceptible to the BASH/Shellshock vulnerability. WD’s default software configuration and typical deployment for My Cloud devices lowers the risk to this threat. WD takes this threat seriously and is working on a patch to address this issue.

3 Likes

Today I fixed the last vulnerability in bash (CVE-2014-7186 (redir_stack bug)):

# apt-get update
# apt-get install --only-upgrade bash

Get:1 http://ftp.us.debian.org/debian/ jessie/main bash armhf 4.3-11 [1099 kB]

Check version:

# bash --version

 GNU bash, version 4.3.30(1)-release (arm-unknown-linux-gnueabihf)

Check vulnerable script:

# curl https://shellshocker.net/shellshock_test.sh | bash

CVE-2014-6271 (original shellshock): not vulnerable
CVE-2014-6277 (segfault): not vulnerable
CVE-2014-6278 (Florian’s patch): not vulnerable
CVE-2014-7169 (taviso bug): not vulnerable
CVE-2014-7186 (redir_stack bug): not vulnerable
CVE-2014-7187 (nested loops off by one): not vulnerable
CVE-2014-//// (exploit 3 on http://shellshocker.net/): not vulnerable
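
A local check for the original bug (CVE-2014-6271), added here as an example and not part of any post in this thread: it runs the probe from the first post against each shell binary in an empty environment, so nothing has to be fetched from a remote site and piped into bash. It does not cover the later CVEs listed above, and the function names `check_shellshock` and `scan_shells` are chosen for this example.

```shell
#!/bin/sh
# Added example: local CVE-2014-6271 check built on the probe from the first post.
# check_shellshock and scan_shells are hypothetical names, not WD or Debian tools.

# check_shellshock SHELL_PATH
# Prints "vulnerable", "not vulnerable" or "error"; returns 1, 0 or 2.
check_shellshock() {
    shell_bin=$1
    if [ ! -x "$shell_bin" ]; then
        echo "error"
        return 2
    fi
    # env -i starts the shell with an empty environment, so the probe
    # variable x is the only thing it can import. A patched bash treats x
    # as an ordinary string and prints only the marker.
    out=$(env -i x='() { :;}; echo vulnerable' \
          "$shell_bin" -c 'echo probe-done' 2>/dev/null) || true
    case "$out" in
        *vulnerable*) echo "vulnerable";     return 1 ;;
        *probe-done*) echo "not vulnerable"; return 0 ;;
        *)            echo "error";          return 2 ;;
    esac
}

# scan_shells PATH...
# Checks every listed binary that exists, prints one line per binary,
# and returns non-zero if any of them is vulnerable.
scan_shells() {
    rc=0
    for s in "$@"; do
        [ -e "$s" ] || continue
        result=$(check_shellshock "$s") || true
        printf '%s: %s\n' "$s" "$result"
        if [ "$result" = "vulnerable" ]; then
            rc=1
        fi
    done
    return $rc
}

# Usage (absolute paths, because env -i also clears PATH):
#   scan_shells /bin/bash /bin/sh
```

Run it before and after the `apt-get install --only-upgrade bash` step to confirm the upgrade changed the result for every shell binary on the device, including `/bin/sh` if it is a link to bash.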