Today’s breaking news of the Unix “Shellshock” vulnerability reminds me instantly of the famous auror-turned-Hogwarts-professor Alastor Moody, who preaches that the fight against the dark arts demands “Constant Vigilance.” Same for cybersecurity. Constant Vigilance.
Consider: The Heartbleed issue affected potentially 500,000 machines worldwide. The new Shellshock (or “Bash Bug”) could potentially affect 500 million.
Cures for the Shellshock vulnerability, at the time of this writing, are still being sorted out. It affects Unix-based operating systems such as Linux and Mac OS X, which in some non-default configurations could allow a remote attacker to execute arbitrary code on an affected system. The weakness lies within the Bash (for Bourne-Again Shell) command prompt.
The simplicity of an attack is what scares system admins the most: The vulnerability is truly easy to exploit.
The US Computer Emergency Readiness Team (US-CERT) is tracking the issue (see Bourne Again Shell (Bash) Remote Code Execution Vulnerability.) Following is CERT’s list of vendors that are confirmed to be exposed to the vulnerability. This list is initial and is expected to grow.
- Apple Inc. Affected
- Debian GNU/Linux Affected
- Fedora Project Affected
- GNU Bash Affected
- Juniper Networks, Inc. Affected
- Oracle Corporation Affected
- Red Hat, Inc. Affected
- Slackware Linux Inc. Affected
US-CERT recommends the following system-specific pages for hardening and patch info:
- Debian—https://www.debian.org/security/2014/dsa-3032
- Ubuntu—http://www.ubuntu.com/usn/usn-2362-1/
- Red Hat—https://access.redhat.com/articles/1200223*
- CentOS—http://centosnow.blogspot.com/2014/09/critical-bash-updates-for-centos-5.html
- Novell/SUSE— http://support.novell.com/security/cve/CVE-2014-6271.html
US-CERT aldo recommends users and administrators review TA14-268A, Vulnerability Note VU#252743 and the Redhat Security Blog for additional details and to refer to their respective Linux or Unix-based OS vendor(s) for an appropriate patch. A GNU Bash patch is also available for experienced users and administrators to implement.
Not sure where to start, or if your systems are affected? Contact TxMQ president Chuck Fried for an immediate and confidential consultation: (716) 636-0070 x222, [email protected].