Latest Code Vulnerability Could Leave You Shellshocked

A security vulnerability recently came to light that could wreak havoc on Unix, Linux and Mac OS X computers around the Internet. A critical vulnerability in the Bourne Again Shell, commonly known as Bash, was reported and the National Vulnerability Database rates it a 10/10 for severity.

Experts warn that the so-called Shellshock vulnerability exploits a 25-year-old security flaw in Bash and could affect corporate servers, switches, personal computers and embedded systems connected to the Internet.

The flaw allows malicious code to be inserted into the Bash shell to remotely run arbitrary code, escalate privileges and access confidential information. It’s likely that malicious botnets will attempt to exploit the Bash vulnerability. When they begin to propagate they could cause major damage to Internet systems that have not received sufficient patches.

System administrators need to mitigate the risk. I’ve reproduced the problem and created a “checker” utility and shared it on an AWS EC2 image: http://shellshocker-check.masergy.com

This script will attempt to exploit the problem and print the results.

Any machine with Internet access and curl or wget can self-test using the following commands:
  • curl -s http://shellshocker-check.masergy.com/shellshock_test.sh | sh
  • wget -q -O - http://shellshocker-check.masergy.com/shellshock_test.sh | sh

Servers that utilize the Common Gateway Interface (CGI), such as those running PHP scripts, or devices that inadvertently permit system calls, are the most vulnerable.

I suggest updating Bash to a patched instance and additionally making sure that processes using Bash do not have superfluous access to your system.
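To act on the CGI exposure and the advice about processes using Bash, the following added example (not part of the checker utility described above) lists executable scripts under a directory whose interpreter line points at Bash, so they can be reviewed and prioritized for patching. The function names and the directory argument are assumptions made for this illustration, and everything runs locally without fetching anything.

```sh
#!/bin/sh
# Added example: inventory of scripts whose "#!" interpreter is Bash.
# Heuristic: it does not see Bash started indirectly (e.g. via system()).

# sh_is_bash: succeeds when /bin/sh resolves to a bash binary.
sh_is_bash() {
    target=$(readlink -f /bin/sh 2>/dev/null) || return 1
    case "${target##*/}" in
        bash*) return 0 ;;
        *)     return 1 ;;
    esac
}

# interpreter_of FILE: print the interpreter basename from the shebang line.
interpreter_of() {
    first=$(head -n 1 "$1" 2>/dev/null | tr -d '\000\r')
    case "$first" in
        '#!'*) ;;
        *) return 1 ;;
    esac
    rest=${first#??}
    # Split "/usr/bin/env bash -e" into program, first argument, remainder.
    read -r prog arg extra <<EOF
$rest
EOF
    [ -n "$prog" ] || return 1
    interp=${prog##*/}
    # "#!/usr/bin/env bash": the real interpreter is the first argument.
    if [ "$interp" = env ] && [ -n "$arg" ]; then
        interp=${arg##*/}
    fi
    printf '%s\n' "$interp"
}

# list_bash_scripts DIR: print owner-executable files under DIR run by Bash,
# including "sh" scripts on systems where /bin/sh is Bash.
list_bash_scripts() {
    find "$1" -type f -perm -u+x 2>/dev/null | while IFS= read -r f; do
        interp=$(interpreter_of "$f") || continue
        case "$interp" in
            bash) printf '%s\n' "$f" ;;
            sh)   if sh_is_bash; then printf '%s\n' "$f"; fi ;;
        esac
    done
}

# Usage: sh this_script.sh /path/to/cgi-bin   (the path is an assumption)
[ $# -eq 0 ] || list_bash_scripts "$1"
```

A script that appears in this list is only as exposed as the service that launches it, so pair the output with a review of which accounts those services run under.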

There are patches available for many of the major Unix/Linux distributions:
  • Red Hat Enterprise Linux (versions 4 through 7) and the Fedora distribution
  • CentOS (versions 5 through 7)
  • Ubuntu 10.04 LTS, 12.04 LTS, and 14.04 LTS
  • Debian
  • Solaris

To avoid further vulnerabilities, basic system updates and vulnerability/accessibility scans should become standard operating procedure for all networked systems.

About Paul Ruelas

Director, Product Management, Masergy
Paul Ruelas is Director of Network Products at Masergy. He brings over 26 years of expertise in telecommunications, IP Networks, complex solution design, and product development. Paul has developed many Ethernet and optical products that enabled numerous global enterprises to transform their data communication infrastructures to improve business outcomes. Paul is an industry thought leader in communication transformation and on topics such as hybrid networking, SDN, NFV, and cloud connectivity.