
ShellShock Roundup: What to do if You are Vulnerable

A security vulnerability in the GNU Bourne Again Shell (Bash) reported Wednesday is claiming victims in the wild. The flaw – known to the tech world as CVE-2014-6271 and CVE-2014-7169 – allows a remote attacker to run arbitrary code (read: malware) on a vulnerable server under certain conditions.

The most vulnerable targets to date are web servers that run Apache CGI scripts written in Bash or that call system() or popen(). Our telemetry shows the common attack scenario involves calling a vulnerable script and passing the exploit code as the User-Agent string.

An updated version of Bash released yesterday morning quickly proved to be a partial fix – it makes attacks more difficult to carry out. A couple of hours ago, however, a fix was issued for a number of Linux distros, including CentOS, Debian, Red Hat, and Ubuntu. If you are running a vulnerable Linux distribution, you are advised to update immediately.

Crucially, Mac OS X computers are still vulnerable to the attack. At the time of writing, there is no official patch that can be installed automatically. If you are a Mac OS X user and you also use Bash as the shell in your terminal, then you might want to manually compile Bash from its sources.

About the author

Bogdan BOTEZATU

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.