
What you need to know about Shellshock


What is it?

Shellshock is the codename for a collection of recently discovered vulnerabilities and bugs in the Bash shell used on Unix-like systems.

Successful exploitation is accomplished through a variety of means in which Bash is exposed to carefully crafted input, resulting in the execution of arbitrary commands by Bash’s command interpreter. Because the vulnerabilities and bugs are believed to have existed since 1992, all systems in use today that rely on Bash are at risk. The CVSS score ranks this family of vulnerabilities 10 out of 10, making it one of the most significant vulnerabilities in recent history.

How can I test for it?

There are plenty of resources available to help you test for these vulnerabilities, which can be found here. However, be careful when running these tests as several of them can cause segfaults and possibly result in system instability.

Several other related vulnerabilities were found shortly after the initial Shellshock discovery. Therefore, those who applied vendor patches and hot-fixes over the past few weeks should double check that they are protected against the more recently discovered vulnerabilities as well.
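A local self-check a defender can run on each host, covering both the original function-import bug and the follow-on parser bug that the post says patched systems should be re-checked for. This is an added example, not code from the K logix post or from the resources it links; it assumes a POSIX sh and probes whichever bash binary is passed to it (defaulting to the first `bash` on PATH).

```shell
#!/bin/sh
# Added self-check for the Shellshock family (example code, not from the post).
# A vulnerable bash imports function definitions from environment variables
# and also runs whatever follows the function body; a patched bash ignores it.
# Run it against every bash on a host, e.g.: shellshock_check /bin/bash

shellshock_check() {
    bash_bin="${1:-bash}"
    if ! command -v "$bash_bin" >/dev/null 2>&1; then
        echo "no-bash"      # nothing to test on this host
        return 0
    fi

    # Check 1: original bug. "echo MARKER" trails the function body and is
    # executed only by a vulnerable bash while it imports the variable.
    out=$(env x='() { :;}; echo MARKER' "$bash_bin" -c 'echo probe' 2>/dev/null)
    case "$out" in
        *MARKER*) echo "vulnerable"; return 0 ;;
    esac

    # Check 2: follow-on parser bug. A vulnerable bash turns the dangling
    # redirection into "> echo probe", creating a file named "echo" in the
    # current directory; run it in a scratch directory so nothing is clobbered.
    scratch=$(mktemp -d)
    ( cd "$scratch" && env X='() { (a)=>\' "$bash_bin" -c 'echo probe' \
        >/dev/null 2>&1 ) || true
    if [ -e "$scratch/echo" ]; then
        rm -rf "$scratch"
        echo "vulnerable"
        return 0
    fi
    rm -rf "$scratch"
    echo "patched"
}

shellshock_check "$@"
```

Hosts often carry more than one bash (a distro package plus a locally built copy), so run the check against each binary rather than only the one on PATH.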

To check an external site for the vulnerabilities, leverage this handy tool.

In addition to checking your exposure to Shellshock, vulnerability scanners or configuration management tools are helpful to track your remediation efforts.

How do I protect against it?

Using a Web Application Firewall or IPS with up-to-date signatures and blocking enabled, in addition to keeping all systems running Bash up to date, will provide the best protection. If you have further questions, of course, call us at K logix and we can help.
