The Shellshock (Bashdoor) Exploit


Friday
10 October, 2014

Ever heard of the bug Shellshock or Bashdoor? This is the collective name for a group of vulnerabilities discovered in September 2014 in the Unix/Linux Bash command-line interpreter. The source code history shows that this vulnerability has been in the Bash shell since the early 90s.

Stephane Chazelas discovered this vulnerability on September 12th, 2014 and gave it the name bashdoor. The bug was assigned the identifier CVE-2014-6271. [Ref 1] Bash has been the default shell on both Unix and Linux systems, and this has Information Security (IS) experts worried because of how widely Bash is used on devices running operating systems that fall in this category (Android, iOS), rather than on personal computers, which can be patched regularly.

On a Unix/Linux system, most internet daemons use Bash to process sets of commands, and attackers use this channel to execute arbitrary commands, sometimes by way of environment variables. By executing these commands, attackers can gain unauthorized access to the computer running the operating system and execute commands in the background. This can be used to perform distributed denial-of-service (DDoS) attacks as well as vulnerability scanning.
This vulnerability can be exploited to achieve remote execution on servers through several attack vectors, including CGI (Common Gateway Interface) based web servers, OpenSSH, OpenVPN, Dynamic Host Configuration Protocol (DHCP), the QMail server, the IBM HMC restricted shell [Ref 3], etc.
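
For the CGI case, a web server hands request headers to the script as environment variables, and the vulnerable Bash treated any value beginning with `() {` as a function definition to import. The following is an added detection example, not code from the original post: it scans access logs for that marker in the logged headers. It assumes the Apache/Nginx "combined" log format; the function name `scan` and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Vulnerable Bash imported a function from an environment variable only when
# the value STARTED with "() {", so the match is anchored at the start of the
# header value. Whitespace inside the marker is matched loosely on purpose.
MARKER = re.compile(r"\(\)\s*\{")

# Apache/Nginx "combined" format; quoted fields may contain \" escapes.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"'
)

# Constructed sample lines: documentation IP ranges, command part elided.
SAMPLE_LOG = r'''
198.51.100.7 - - [26/Sep/2014:10:01:12 +0000] "GET /cgi-bin/status HTTP/1.1" 200 312 "-" "() { :; }; [constructed placeholder]"
203.0.113.20 - - [26/Sep/2014:10:01:15 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [26/Sep/2014:10:02:40 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 209 "() { :; }; [constructed placeholder]" "curl/7.38.0"
203.0.113.99 - - [26/Sep/2014:10:03:02 +0000] "GET /app.js HTTP/1.1" 200 880 "http://example.test/?cb=function(){}" "Mozilla/5.0"
'''


def scan(log_text):
    """Return {client_ip: [(timestamp, header_field, http_status), ...]}."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # blank or non-combined-format line
        for field in ("referer", "agent"):
            # .match() anchors at the start, so "function(){}" appearing
            # mid-value (last sample line) is not reported.
            if MARKER.match(m[field]):
                hits[m["ip"]].append((m["ts"], field, int(m["status"])))
    return dict(hits)


if __name__ == "__main__":
    for ip, events in scan(SAMPLE_LOG).items():
        for ts, field, status in events:
            print(f"{ip} {ts} header={field} status={status}")
```

A hit shows that a request carried the marker, not that the host was compromised; the status code and whether the requested path is a Bash-backed CGI script decide which hosts to examine first.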

Apple Inc. said in a statement that Mac OS X systems are safe by default unless a user has reconfigured advanced Unix services, and that users can turn off those services until a patch is released.

According to reports on the internet on September 26, the security firm Incapsula reported 17,400 attacks, at an average rate of 725 attacks per hour. More than 1,800 web domains had been attacked, with the attacks originating from 400 unique IP addresses (more than 55% of the IP addresses are from China and the U.S.A.). [Ref 2]

On October 6, 2014, we saw reports on the internet that Yahoo! servers had been compromised in an attack related to the Shellshock issue.

If the Bash shell on your system has not been updated since September 30, 2014, you're most definitely vulnerable. Update your system today or contact your support team for assistance.

References:

Ref 1: Perlroth, Nicole. "Security Experts Expect ‘Shellshock’ Software Bug in Bash to Be Significant". New York Times.
http://www.nytimes.com/2014/09/26/technology/security-experts-expect-shellshock-software-bug-to-be-significant.html?_r=0

Ref 2: http://bits.blogs.nytimes.com/2014/09/26/companies-rush-to-fix-shellshock-software-bug-as-hackers-launch-thousands-of-attacks/

Ref 3: https://www-304.ibm.com/support/docview.wss?uid=ssg1S1004879
