While the internet is an amazing place, filled with information and a lot of opportunities, it’s safe to say that it also brings quite a lot of dangers in the form of malware and exploits. Recently, a security bug was found in the Unix Bash shell that allowed an attacker to gain access to the operating system and the data it held. Unfortunately, far too many computers were affected by it, mainly because lots of web servers and internet daemons use Bash for processing commands.
This exploit, called the Shellshock bug, forced Bash to execute commands stored in a special location, an environment variable. The bug was assigned CVE-2014-6271 and is covered by the Cisco Event Response "GNU Bash Environment Variable Command Injection Vulnerability", but unfortunately even today we don’t have a way to prevent its damage. The frightening thing is that the vulnerabilities in the Bash code had been there since 1992, but the continuous advancements in software and technology led to a closer exploration of Bash and then to the appearance of the Shellshock bug.
The bug was disclosed on 24 September and has been compromising computers all over the world since then. The attacks appear to come from multiple IP addresses, which are most probably cover-ups, so it’s hard to pinpoint the exact source.
The most problematic thing right now is that even with the latest patches you can’t stop the attacks, and the developers are hard at work trying to find a way to avoid the complications brought by the Shellshock bug. The major problem here is that the Bash parser is thought to have more vulnerabilities, so even if these are solved, others will appear in a very short time. That is the main reason why a solution for the Shellshock bug is yet to arrive.
Attacks that target the Shellshock bug range from command and control deployment attempts to DoS attacks, which can help the attacker access restricted data.
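One way to look for such attempts in a web server access log, as an added example that is not part of the original article. It assumes the Apache/nginx combined log format and that the request carries a Bash function definition (`() {`) at the start of the Referer or User-Agent value; the sample lines, addresses and the names `find_attempts` and `by_source` are constructed for illustration.

```python
import re
from collections import Counter

# CVE-2014-6271 requests put a Bash function definition, "() {", at the start
# of a header value that the web server copies into an environment variable.
FUNC_DEF = re.compile(r"^\s*\(\)\s*\{")

# Combined log format: ip ident user [time] "request" status size "referer" "agent"
# Quoted fields may contain backslash-escaped quotes.
Q = r'"((?:[^"\\]|\\.)*)"'
LINE = re.compile(r"^(\S+) \S+ \S+ \[[^\]]+\] " + Q + r" (\d{3}) \S+ " + Q + " " + Q)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Sep/2014:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [25/Sep/2014:10:01:05 +0000] "GET /cgi-bin/status HTTP/1.1" 200 0 "-" "() { :; }; echo probe"',
    '198.51.100.7 - - [25/Sep/2014:10:01:09 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 0 "() { :; }; echo probe" "curl/7.30"',
    '203.0.113.4 - - [25/Sep/2014:10:02:00 +0000] "GET /docs?q=() HTTP/1.1" 200 90 "-" "Mozilla/5.0 (X11; Linux)"',
    "truncated or non-combined line",
]


def find_attempts(lines):
    """Return one record per header field that starts with a function definition."""
    hits = []
    for number, line in enumerate(lines, 1):
        m = LINE.match(line)
        if not m:
            continue  # not combined format: skip rather than guess at fields
        ip, request, status, referer, agent = m.groups()
        for field, value in (("referer", referer), ("agent", agent)):
            if FUNC_DEF.match(value):
                hits.append({"line": number, "ip": ip, "field": field,
                             "status": int(status), "request": request})
    return hits


def by_source(hits):
    """Count flagged requests per client address."""
    return Counter(h["ip"] for h in hits)


if __name__ == "__main__":
    found = find_attempts(SAMPLE_LOG)
    for hit in found:
        print(hit)
    print(by_source(found))
```

A hit records an attempt that was logged, not a compromise; whether it mattered depends on whether the request reached a Bash-backed handler on an unpatched host.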
At this moment, we are still waiting for a solution to the problem, but the frightening thing is that many operating systems include Bash, which means that most of them are vulnerable to such attacks.
This is not the first attack of this sort that took place this year. Unfortunately, a similar vulnerability, named the Heartbleed bug, was discovered in the OpenSSL library, and it also allowed unwanted access to sensitive data. The security threat was so large that many security experts advised users to change their passwords and clean private data from their browsers, as these could easily be hacked.
In conclusion, we think that the Shellshock bug and the Heartbleed bug are major threats that should not be overlooked. Staying up to date and using the latest security solutions might be a good practice, but changing passwords and taking care of our online privacy is also essential if we don’t want our computer/server to be affected by these vulnerabilities.
Right now not all technology vendors have completed their patches, so it is best to stay in touch with them directly or via their security news feeds. Use the time to evaluate the release and deployment of the new software versions and make sure there are no constraints in the way. Fixing a vulnerability and breaking running systems along the way does not make for good crisis management.
Photo credit: From Sand To Glass