Shellshock – Bash vulnerability!

By now you may have heard of the latest vulnerability that affects over 500 million devices around the world! Not only are web servers affected, but also things like your security cameras, Android devices and even Mac OS X! Here’s a super detailed explanation from Troy Hunt:

http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html

Additional information from Trend Micro:

A brand new vulnerability has been disclosed that will have widespread impacts. 
The vulnerability, known as Shellshock (CVE-2014-6271 and CVE-2014-7169), is found in Bash, the dominant shell for Unix and Linux (default), and can also be found in Mac OS X, some Windows server deployments, and even Android. It enables remote code injection of arbitrary commands without authentication, which can then allow malicious code execution that could be used to take over an operating system, access confidential data, or set the stage for future attacks.
NIST rates this a 10 (out of 10) on the severity score, based on the fact that it is 1) widespread and common, 2) easy to execute an attack (low complexity) and 3) no authentication required when exploiting Bash via CGI scripts. Unlike the recent Heartbleed vulnerability, this is even more prevalent and easily accessed, making it a much bigger risk to organizations.

Who is affected?

Any organization or user that has bash enabled on a server, desktop, or device is affected by this vulnerability. This includes the over 500 million web servers on the Internet today. As well, end users accessing web sites or services being run on affected servers are vulnerable to their personal and business information falling into the wrong hands.

What can customers do?

This is a critical vulnerability and should be addressed and patched as soon as possible. One big challenge is that there will be many patches that will have to be both produced and then distributed (ex: each Linux distro that uses bash will need to deliver a patch), making it very difficult to address quickly. The second is that many devices that could be compromised based on running Linux (ex: routers, medical devices) will not be easily patched.
Trend Micro has two key recommendations for organizations:

  1. Assess your environment and if you have a vulnerable version of bash present, you should patch your system(s) as soon as possible.
  2. Ensure you have an up-to-date IPS in place to protect your vulnerable systems until you have a chance to fully patch. If you do not have an IPS in place, consider leveraging a service-based offering to get up and running quickly.

Specific Advice for Different Use Cases:

  • If you’re an end-user, watch for patches for your Mac, your Android phone, and other devices you may have. Leverage leading solutions like the Trend Micro free tool for Mac that can tell you if you are on a vulnerable site so that you don’t put information at risk.
  • If you have end users that you are responsible for (as an organization), implement patches as they become available for vulnerable endpoints. In parallel, you could leverage Interscan Web Security as a Service to notify end users when they access vulnerable sites.
  • If you’re running LINUX systems, consider leveraging an IPS like Deep Security to help virtually patch until a patch is available.
  • If you’re running LINUX/APACHE webservers using BASH scripts, consider retooling your scripts to use something other than BASH until a patch is available. Until you have a patch applied, leverage an IPS like Deep Security to help virtually patch.
  • If you’re the customer of a hosted service, get in touch with them to find out if they’re vulnerable and find out their remediation plans if they are. In order to quickly put a fix in place for servers and applications that you are running on that service, consider leveraging an IPS like Deep Security to help virtually patch.
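
Recommendation 1 above asks you to assess whether a vulnerable bash is present. One way to check the bash binaries on a host for CVE-2014-6271 is shown below as an added example; it is not code from Trend Micro or from this post. The probe variable name, the marker string and the list of candidate paths are assumptions of the example, and it does not test for CVE-2014-7169.

```shell
#!/bin/sh
# Added example: local audit for the CVE-2014-6271 flaw in bash.
# The probe variable name and marker string are arbitrary choices for this example.
MARKER="SHELLSHOCK_6271_EXECUTED"

# check_bash_6271 PATH: prints "vulnerable", "patched" or "missing".
# Returns 0 if patched, 1 if vulnerable, 2 if PATH is not an executable file.
check_bash_6271() {
    bin=$1
    if [ ! -x "$bin" ] || [ -d "$bin" ]; then
        echo "missing"
        return 2
    fi
    # A vulnerable bash parses the function definition held in the environment
    # variable and also runs the command that trails it, so the marker shows
    # up on stdout. A patched bash treats the variable as plain data.
    out=$(env "SHELLSHOCK_PROBE=() { :; }; echo $MARKER" "$bin" -c ':' 2>/dev/null || true)
    case $out in
        *"$MARKER"*) echo "vulnerable"; return 1 ;;
        *)           echo "patched";    return 0 ;;
    esac
}

# audit_bash_binaries: prints one "path: verdict" line per bash binary found.
# Candidates are common install paths plus any bash listed in /etc/shells.
# Returns 1 if at least one binary is vulnerable, otherwise 0.
audit_bash_binaries() {
    candidates="/bin/bash /usr/bin/bash /usr/local/bin/bash"
    if [ -r /etc/shells ]; then
        candidates="$candidates $(grep '/bash$' /etc/shells 2>/dev/null || true)"
    fi
    status=0
    for path in $(printf '%s\n' $candidates | sort -u); do
        if [ -x "$path" ]; then
            verdict=$(check_bash_6271 "$path" || true)
            if [ "$verdict" = "vulnerable" ]; then
                status=1
            fi
            echo "$path: $verdict"
        fi
    done
    return $status
}

# Usage: audit_bash_binaries; echo "exit status: $?"
```

Statically linked or vendor-bundled copies of bash outside these paths (common on appliances) need to be added to the candidate list by hand.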

 
