Shellshock – Yet Another Cyber Shock!


A critical security vulnerability has been uncovered in the GNU Bourne Again Shell (Bash) by a security researcher, Stephane Chazelas. Attackers can remotely exploit the security flaw to gain complete access to the system and its confidential information, modify the system configuration, install malware, etc.

The Bash bug is also known as Shellshock and leaves Linux, Mac OS X, routers and other *nix devices vulnerable to attacks.

A Red Hat security advisory warned, “This issue is especially dangerous as there are many possible ways Bash can be called by an application”.

What is Bash?
Bash is a command-line interpreter (shell) used on Unix-based operating systems.

What Bash versions are vulnerable?
The vulnerability affects versions 1.14 through 4.3 of GNU Bash.

Why should one be worried?
Any device or system (server/desktop) that runs a *nix operating system, including but not limited to web servers, FTP servers, routers and firewalls, can be remotely taken over by an attacker, and most systems in the wild are running a vulnerable Bash version.

Severity and ease of exploitation?
The bug has been rated CRITICAL by security firms across the world and is considered easily exploitable, which makes it an even more dangerous vulnerability than the recent Heartbleed bug.

Need to confirm?
Confirm the vulnerability by executing the command below on your Unix-based operating system. Type the quotes as plain ASCII quotes; typographic ("curly") quotes will break the command.

env x='() { :;}; echo vulnerable' bash -c "echo hello"

If the system is vulnerable, the output will include the string “vulnerable”, and you need to put a remediation plan in place very quickly.
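A host can carry more than one Bash binary, and patching one does not patch the others. The script below is an added example, not part of the original advisory: it runs the same check against every Bash binary it can find and prints one verdict per binary. The function names are illustrative, and the search is assumed to cover only `/etc/shells` and the `bash` found on `PATH`.

```sh
#!/bin/sh
# Added example: apply the advisory's self-check to every bash binary on a host.

# Turn the text printed by the check into a verdict.
classify_probe_output() {
    case "$1" in
        *vulnerable*) echo "vulnerable" ;;      # the injected echo was executed
        *hello*)      echo "not vulnerable" ;;  # only the intended command ran
        *)            echo "inconclusive" ;;    # binary missing or did not run
    esac
}

# Run the advisory's command against one binary given as $1.
# stderr is discarded so shell warnings do not affect the verdict.
probe_bash() {
    out=$(env x='() { :;}; echo vulnerable' "$1" -c "echo hello" 2>/dev/null) || out=""
    classify_probe_output "$out"
}

# Candidate binaries: bash on PATH plus every bash listed in /etc/shells.
list_bash_binaries() {
    {
        command -v bash 2>/dev/null || true
        if [ -r /etc/shells ]; then
            grep -E '/bash$' /etc/shells || true
        fi
    } | sort -u
}

# Print "<path><TAB><verdict>" for each executable candidate.
scan_host() {
    list_bash_binaries | while IFS= read -r b; do
        [ -x "$b" ] || continue
        printf '%s\t%s\n' "$b" "$(probe_bash "$b")"
    done
}

scan_host
```

Bash copies bundled inside applications, containers or chroots are outside this search and need to be checked separately.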

How to protect?
Torrid Networks recommends immediate patching of *nix systems and devices. Contact the vendors of any products you use that run a *nix operating system to learn their patch cycle for the Shellshock vulnerability. Most operating system vendors have already released patches; check their respective advisories, as listed in the References section.