Reports: Shellshock Attacks Already Uncovered

Attackers have already launched attacks that exploit the Shellshock Bash bug, according to security researchers at AusCERT and MalwareMustDie. That means administrators should patch vulnerable systems as soon as possible.

Shellshock is the name given to a vulnerability in GNU Bash (Bourne-Again Shell) versions 1.14 through 4.3. Unix and Linux systems -- as well as Mac OS X, which also ships bash -- are at risk from the bug in Bash, a widely used command interpreter, according to US-CERT (the U.S. Computer Emergency Readiness Team). The U.S. National Vulnerability Database rated Shellshock 10/10 for severity with an access complexity of "low," meaning it is very easy to exploit: an attacker only needs a way to place a crafted value in an environment variable before bash is invoked.

The Bash bug has the potential to be bigger than the Heartbleed vulnerability, which has gone down in security history as one of the worst bugs ever. Heartbleed affected only a narrow range of OpenSSL releases (1.0.1 through 1.0.1f). The Bash bug, by contrast, has been present for many years, which means a great many older devices on the network are vulnerable. And that means the number of systems that need to be patched -- and probably won't be patched -- is far larger than the fallout from Heartbleed.

First Patch Didn't Patch

"US-CERT is aware of a Bash vulnerability affecting Unix-based operating systems such as Linux and Mac OS X. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system," the agency said, adding that a patch was initially issued but didn't fully address the problem. "MITRE later assigned a patch to cover the remaining problems after the application of the first patch."
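The following self-check is an added example, not code from the article, US-CERT or MITRE. It wraps the two widely circulated test commands for the bug: the first is the one Red Hat's blog post published for the original issue (MITRE's identifier CVE-2014-6271, not named in the article), and the second is the test for the flaw that remained after the first patch (CVE-2014-7169, the "remaining problems" the quote above refers to). The variable name BASH_BIN, the function names and the "skipped" result are my own conventions; the script assumes a bash binary on PATH and a working mktemp.

```shell
#!/bin/sh
# Added example: a local Shellshock self-check, not code from the article or
# from US-CERT. It runs the two widely circulated test commands against the
# bash binary named in BASH_BIN (assumption: default "bash" on PATH) and
# reports "vulnerable", "patched" or "skipped" (no usable bash found).
#
# Background: bash imports shell functions from environment variables whose
# value starts with "() {". Before the fix it kept parsing past the closing
# brace and executed whatever followed, so any program that lets an attacker
# set an environment variable and then runs bash (CGI handlers, DHCP clients,
# sshd with ForceCommand) is exposed.

BASH_BIN="${BASH_BIN:-bash}"

have_bash() {
    command -v "$BASH_BIN" >/dev/null 2>&1
}

# Original bug (CVE-2014-6271, an identifier not named in the article): the
# text after the function body in $x is executed when bash starts up, so a
# vulnerable bash prints "vulnerable" before running the -c command.
check_trailing_command() {
    have_bash || { echo skipped; return 0; }
    out=$(env x='() { :;}; echo vulnerable' "$BASH_BIN" -c 'echo test' 2>/dev/null) || true
    case "$out" in
        *vulnerable*) echo vulnerable ;;
        *)            echo patched ;;
    esac
}

# Bypass of the first patch (CVE-2014-7169): a malformed definition leaves
# the parser in a state where the first word of the next command ("echo")
# is consumed as a redirection target, so a file named "echo" appears in the
# current directory. The check runs in a throwaway directory so nothing is
# left behind either way.
check_parser_bypass() {
    have_bash || { echo skipped; return 0; }
    dir=$(mktemp -d) || { echo skipped; return 0; }
    ( cd "$dir" && env X='() { (a)=>\' "$BASH_BIN" -c 'echo date' ) >/dev/null 2>&1 || true
    if [ -f "$dir/echo" ]; then result=vulnerable; else result=patched; fi
    rm -rf "$dir"
    echo "$result"
}

report() {
    echo "bash binary        : $BASH_BIN"
    echo "trailing command   : $(check_trailing_command)"
    echo "first-patch bypass : $(check_parser_bypass)"
}

report
```

Run it as `BASH_BIN=/bin/bash sh shellshock-check.sh` on each host; a system that reports "patched" for the first check but "vulnerable" for the second has only the initial, incomplete fix installed and still needs the follow-up update from its vendor. On Mac OS X point BASH_BIN at the system bash under /bin, since a newer bash installed elsewhere does not protect services that invoke the system one.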

The agency recommended that users and administrators review TA14-268A, Vulnerability Note VU#252743 and the Red Hat Security Blog for additional details as well as refer to their respective Linux or Unix-based OS vendor(s) for an appropriate patch....
