Friday, 26 September 2014

Shellshocked!

What is Shellshock?


It has been widely reported in mainstream news that a vulnerability dubbed Shellshock could affect 500 million devices, which overshadows the 500,000 devices that were affected by the Heartbleed vulnerability.

Shellshock exploits a vulnerability in a command line shell used by many UNIX computers, called the Bourne Again Shell, more commonly known by its acronym Bash.  This affects computers and devices running Linux and Mac OS, including some appliance-based devices such as firewalls, which are commonly built on Linux.

Bash is a common component on web servers, and even where Linux is not the operating system, Apache also uses Bash.  It can also be used as a background component by web browsers, email clients and file transfer applications.

Whereas Heartbleed was a vulnerability that allowed traffic to be sniffed, the Shellshock vulnerability allows direct access to the vulnerable machine, potentially with as few as three lines of code.

More technical details on the vulnerability, CVE-2014-6271, aka Shellshock, are linked.

What can be done?


Patch Linux and Mac OS machines to the latest version.  There are rumours that, due to the speed of patch dispatch, the patches may not have been QA’d as thoroughly, but that is still better than being vulnerable.

Remember that devices other than computers and servers running Linux or Mac OS can be affected.  Ensure your client software is up to date, regardless of the operating system.  For devices such as firewalls, check the vendor websites regularly for their advice.
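Once a host has been patched, it is worth confirming that the installed Bash actually ignores commands appended to an imported function definition, rather than trusting the package version alone. The script below is an added example for checking your own machines; it is not from the original post or from any vendor. It assumes a `bash` binary on the PATH (or a path passed as the first argument), and the marker string `SHELLSHOCK_MARKER` is a constructed value chosen only so the output is easy to recognise.

```shell
#!/bin/sh
# Added example, not from the original post: a local self-test for
# CVE-2014-6271 to run on a host you administer after applying the patch.
# It exports an environment variable shaped like a bash function definition
# with a command appended after the function body. A patched bash ignores
# the appended command; an unpatched bash runs it while importing the
# environment, which prints the marker.

shellshock_check() {
  # Bash binary under test (assumption: defaults to whatever "bash" resolves to).
  bash_bin="${1:-bash}"

  if ! command -v "$bash_bin" >/dev/null 2>&1; then
    echo "no-bash"
    return 2
  fi

  # SHELLSHOCK_MARKER is a constructed string; it only appears in the output
  # if bash executed the command that follows the function body.
  out=$(env x='() { :;}; echo SHELLSHOCK_MARKER' "$bash_bin" -c 'echo import-test-done' 2>/dev/null)

  case "$out" in
    *SHELLSHOCK_MARKER*)
      echo "vulnerable"
      return 1
      ;;
    *)
      echo "patched"
      return 0
      ;;
  esac
}

# Usage: prints "patched", "vulnerable" or "no-bash" for the default bash,
# or for the binary given as the first argument (e.g. /bin/bash).
shellshock_check "${1:-bash}"
```

The exit status mirrors the printed word (0 patched, 1 vulnerable, 2 no bash found), so the function can be dropped into a configuration-management or inventory run across many hosts and the results collected without parsing output.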

Here is the latest government advice on the Bash vulnerability.

I’m checking the vendor sites that MTI Technology partners with and slowly creating a list of useful links here:
Cisco
WatchGuard
Websense

Last updated: 11:45 01/10/2014
