Shellshock Bash Vulnerability

Shellshock/Bash is a major new vulnerability that affects Unix, Linux and Mac users. This remote code execution vulnerability exists in almost every version of the GNU Bourne Again Shell (Bash). See CVE-2014-6271 in National Vulnerability Database: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271

Description of CVE-2014-6271:

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in
OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.

In our assessment, attacks over the internet via HTTP by worms or scripts are the biggest risk to organizations. A sample of HTTP attacks can be found at the following location:
http://pastebin.com/ebDeRd8U

Shellshock Bash Vulnerable Software and Versions:

* cpe:/a:gnu:bash:1.14.0
* cpe:/a:gnu:bash:1.14.1
* cpe:/a:gnu:bash:1.14.2
* cpe:/a:gnu:bash:1.14.3
* cpe:/a:gnu:bash:1.14.4
* cpe:/a:gnu:bash:1.14.5
* cpe:/a:gnu:bash:1.14.6
* cpe:/a:gnu:bash:1.14.7
* cpe:/a:gnu:bash:2.0
* cpe:/a:gnu:bash:2.01
* cpe:/a:gnu:bash:2.01.1
* cpe:/a:gnu:bash:2.02
* cpe:/a:gnu:bash:2.02.1
* cpe:/a:gnu:bash:2.03
* cpe:/a:gnu:bash:2.04
* cpe:/a:gnu:bash:2.05
* cpe:/a:gnu:bash:2.05:a
* cpe:/a:gnu:bash:2.05:b
* cpe:/a:gnu:bash:3.0
* cpe:/a:gnu:bash:3.0.16
* cpe:/a:gnu:bash:3.1
* cpe:/a:gnu:bash:3.2
* cpe:/a:gnu:bash:3.2.48
* cpe:/a:gnu:bash:4.0
* cpe:/a:gnu:bash:4.0:rc1
* cpe:/a:gnu:bash:4.1
* cpe:/a:gnu:bash:4.2
* cpe:/a:gnu:bash:4.3

What Should You Do if you have the Shellshock Bash Exploit?

1. If you are a user of our ProSCAN/Qualys Vulnerability scanning service, please contact us to schedule an emergency scan.
2. If you are using another vulnerability scanning tool, follow your vendor’s instructions.
3. Use official repositories to upgrade to the current release.
4. Verify with your vendors that this vulnerability has been patched.

What Else is Proficio Doing?

Proficio has patched any vulnerable systems within our own infrastructure. We are actively gathering indicators of attack and compromise and looking to apply detection indicators into our monitoring service.

Please contact us to discuss the best action for your organization.

Recent Blog Posts

Stay Ahead of Evolving Threats

Sign up for our free newsletter and receive invaluable threat notifications from our Threat Intelligence team.

By submitting this form, you agree to the Proficio Website Terms of Use and the Proficio Privacy Policy.

REQUEST A DEMO

Experience Tomorrow’s
Security Today

Request a Demo and Experience Proficio's
Innovative Solutions in Action.

By submitting this form, you agree to the Proficio Website Terms of Use and the Proficio Privacy Policy.