Shellshock – Another Bug to Rattle the Cage

Since the beginning of this year some of the most epic and significant vulnerabilities have been discovered. The online community was shocked when the first news of Heartbleed came out and that the bug was around for more than four years. And just when we thought that nothing could surprise us anymore the Shellshock family of bugs was discovered. What is even more terrifying here is that analysis of the source code history suggest that this bug has been around since 1992.

You may be wondering what is all that commotion about and why are people losing their minds over this. This family of vulnerabilities affects Bash, which is a UNIX shell used on Linux and Mac OS X and also ported to Windows. Bash is a command processor and reads and interprets commands typed from users or read from a file (script) and is found in many distributions of the aforementioned operating systems. The bug is in the way Bash analyzes environment variables during its initialization sequence. It turns out that commands trailing function definitions stored in the values of environment variables are unintentionally interpreted and executed by vulnerable versions of Bash. This can enable an attacker to execute commands on a remote machine without the need of any authentication.

The Shellshock family of vulnerabilities can be exploited in a number of ways. The first and most dangerous of all is that the attacker can obtain control over the targeted system which means access to data, passwords, account information, etc. Another popular use is the injection of malware that turns the machine into a “zombie” server. Compromised machines can be used in large scale DDoS campaigns and vulnerability scanning. The specific exploitation vectors include services such as webservers using CGI scripts, SSH, DHCP, etc.

Generally speaking Windows users are secure from the bug, but Linux and Mac OS X users aren’t. To check for the vulnerability use this simple command:

env x='() { :;}; echo Bash is vulnerable’ bash -c “echo Test mode”

This will give the following output for a safe system:

bash: warning: x: ignoring function definition attempt

bash: error importing function definition for `x’

Test mode

And this output for a vulnerable system:

Bash is vulnerable

Test mode

It is recommended that you patch your Bash to the newest possible version, either way and also to update any network and security products that you may be using. Have in mind that there may be more patches issued in the future and also new vulnerabilities to be discovered so don’t let your guard down.

Vistnet would like to inform all of its clients that our engineers have tested our infrastructure against all known vectors and none proved exploitable in our system. What this means is that Vistnet’s servers were not vulnerable in any known way. Even so, to be on the safe side, the company has applied patches throughout its whole infrastructure, mere hours after the patches were released. All of our customers can rest assured that all precautions and measures needed were taken on time. Although we and our clients are safe from any direct exploitations of the vulnerability, brute force and DDoS attacks from botnets exploiting the Shellshock bugs are possible and have started only hours after the vulnerabilities were first found.

Leave a Reply

Your email address will not be published. Required fields are marked *