Bashbug creates big security hole: How to prevent systems from being Shellshocked?

A recent report by Symantec said that a new vulnerability has been found that potentially affects most versions of the Linux and Unix operating systems, in addition to Mac OS X (which is based around Unix). The "Bash Bug" or "Shellshock” has opened the possibility that attackers could execute arbitrary commands on web servers, other Linux-based machines and even Mac computers.

Image Credit: Symantec.com

Some researchers say Shellshock, which affects an application called Bash, is potentially more serious and widespread than the Heartbleed bug discovered in April, though the two vulnerabilities are quite different in nature. Unlike Heartbleed, which forced users to change their passwords for various Internet services, Shellshock doesn't appear to have any easy solutions for average users right now. In most cases, it will be up to system administrators and software companies to issue patches.

The vulnerability affects Bash, a common component known as a shell that appears in many versions of Linux and Unix. Bash acts as a command language interpreter. In other words, it allows the user to type commands into a simple text-based window, which the operating system will then run.

Bash can also be used to run commands passed to it by applications and it is this feature that the vulnerability affects. One type of command that can be sent to Bash allows environment variables to be set. Environment variables are dynamic, named values that affect the way processes are run on a computer. The vulnerability lies in the fact that an attacker can tack-on malicious code to the environment variable, which will run once the variable is received.

Symantec regards this vulnerability as critical, since Bash is widely used in Linux and Unix operating systems running on Internet-connected computers, such as Web servers. Although specific conditions need to be in place for the bug to be exploited, successful exploitation could enable remote code execution. This could not only allow an attacker to steal data from a compromised computer, but enable the attacker to gain control over the computer and potentially provide them with access to other computers on the affected network. The consequences of an attacker successfully exploiting this vulnerability on a Web server are serious in nature. For example attackers may have the ability to dump password files or download malware on to infected computers. Once inside the victim’s firewall, the attackers could then compromise and infect other computers on the network.

Aside from Web servers, other vulnerable devices include Linux-based routers that have a Web interface that uses CGI. In the same manner as an attack against a Web server, it may be possible to use CGI to exploit the vulnerability and send a malicious command to the router.

Researchers are also trying to figure out if other interpreters, such as PHP, JSP, Python or Perl, are also affected. Depending on how code is written, sometimes an interpreter actually uses bash to execute certain functions; and if this is the case, it might be that other interpreters could also be used to exploit this vulnerability. The impact is incredibly high because there are a lot of embedded devices that use CGI scripts – for example routers, home appliances and wireless access points. They are also vulnerable and, in many cases, difficult to patch.

How to know if your computer is infected by the Bash Virus?

The easiest way to check if your system is vulnerable is to open a bash-shell on your system and execute the following command:

$ env x=’() { :;}; echo vulnerable’ bash -c “echo this is a test”

If the shell returns the string "vulnerable",  you should update your system.

How to fix the Bash virus threat?

Advice on how to fix this problem

The first thing that you need to do is to update your bash version. Different Linux distributions are offering patches for this vulnerability; and although not all patches have been proven to be really effective yet, patching is the first thing to do.

Also review your web-server configuration. If there are any CGI scripts that you are not using, consider disabling them.

Article by Rishibha Tuteja

Last minute Blogger, fangirl by profession. A Bibliophile by heart, Tech–Enthusiast by choice.

She breathes dreams like air and can be reached at https://twitter.com/BibliophileRish