Incident Response, Malware, Network Security, TDR, Vulnerability Management

Threat of the month: Bash bug/Shellshock

What is it?

The original vulnerability in Bash, which was dubbed Shellshock, is rated Highly Critical by Secunia and can be exploited to e.g. execute arbitrary shell commands and compromise a vulnerable system.  

Subsequently, multiple additional vulnerabilities have been reported in Bash.

How does it work?

The vulnerability was caused due to an error when parsing shell function definitions passed via environment variables. Multiple attack vectors for Bash exist as many organizations use products which contain Bash in multiple parts of their infrastructure.

Should I be worried?

Yes. The discovery of the Shellshock vulnerability has opened up Bash like a can of worms, with the ensuing discovery of several other vulnerabilities.  With the vulnerabilities came a host of official and unofficial patches with varying degrees of efficiency. At the time of writing, all known bugs in Bash have been fixed with official upstream patches.

How can I prevent it?

Apply the patches provided by Bash. However, not all products containing Bash have been fixed yet so keep a close eye on those products and patch them as soon as possible. If you are a system administrator, you need to: diligently assess the risk to your systems; apply the patches and look for other ways to mitigate where no patch is available; and then go back to verify the result. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.