dediserve news

Bash Vulnerability AKA SHELLSHOCK

What we know:

There is a critical vulnerability in the GNU Bourne Again Shell (Bash), which is used in many *nix-based operating systems. The vulnerability relates to how environment variables are processed and allows Remote Code Execution: an unauthenticated attacker can run commands on vulnerable systems. Web servers should be considered high priority for patching. Security researchers are actively investigating the issue and are highlighting the ease with which it can be exploited.

What we don’t yet know:

Whether other operating systems based on *nix platforms, such as Mac OS X and Android, are also vulnerable, as well as embedded devices (such as “Internet-of-things” devices).

The detail:

This vulnerability has the ID CVE-2014-6271 (https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271) and has been given an Exploitability score of 10.0 – the same as Heartbleed.

There are patches available for many of the major Linux distributions, such as:

 

You can verify if a system is vulnerable by entering the following command:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

 

If the system is vulnerable, the output will be:

vulnerable
this is a test

 

An unaffected (or patched) system will output:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
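
The same check wrapped as a reusable script for auditing more than one bash binary on a host. This is an added example, not part of the original post; the function names, the marker string and the paths in the usage comment are assumptions. It decides on whether the injected command actually ran rather than on the warning text, because later patched bash builds print only `this is a test` with no warning at all.

```shell
#!/bin/sh
# Added example: classify bash binaries with the test construct from this page.
# Function names and the marker string are assumptions made for this example.

MARKER="CVE-2014-6271-marker"   # constructed marker, unlikely to appear by chance

# classify_output: read captured test output on stdin and print a verdict.
# Only a line that is exactly the marker counts; warnings on stderr are not
# used, since patched builds differ in what they print.
classify_output() {
    if grep -qxF "$MARKER"; then
        echo "VULNERABLE"
    else
        echo "not-vulnerable"
    fi
}

# check_bash: run the test against one bash binary (default: bash found in PATH).
# Prints the verdict; returns 0 if not vulnerable, 1 if vulnerable, 2 if missing.
check_bash() {
    shell=${1:-$(command -v bash || true)}
    if [ ! -x "$shell" ]; then echo "missing"; return 2; fi
    # Same construct as the article's one-liner; only the echoed word differs.
    out=$(env x="() { :;}; echo $MARKER" "$shell" -c "echo this is a test" 2>/dev/null) || true
    verdict=$(printf '%s\n' "$out" | classify_output)
    echo "$verdict"
    [ "$verdict" = "not-vulnerable" ]
}

# check_all: test every path given, print "path: verdict" for each,
# and return non-zero if any of them is vulnerable.
check_all() {
    rc=0
    for b in "$@"; do
        v=$(check_bash "$b") || true
        echo "$b: $v"
        if [ "$v" = "VULNERABLE" ]; then rc=1; fi
    done
    return $rc
}

# Usage (example paths): check_all /bin/bash /usr/local/bin/bash
```

A non-zero return from `check_all` means at least one of the listed binaries still needs patching.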

 

3 responses to “Bash Vulnerability AKA SHELLSHOCK”

  1. Joe says:

    Thanks – the test command is particularly useful.

  2. Dom says:

    It would have been nice if you had emailed your customers about this, rather than simply updating the obscure news feed that no-one reads, especially ones like me that pay through the nose for 24/7 ‘proactive’ server management.

    • Aidan says:

      Hi Dominic,
      As per your ticket your server was already patched and up to date and not vulnerable. Our Server Admin service is actually reactive not proactive, but in this case all customers paying for it were automatically patched. Any questions do please update your ticket!