Sage Advice - Cybersecurity Blog

GNU Bourne Again Shell (BASH) “Shellshock” Vulnerability Advisory

shellshock-virusOn September 24, 2014, information regarding a critical UNIX - based operating system vulnerability was published. The vulnerability is being referred to as BASH BUG or SHELLSHOCK.  (CVE-2014-6271 and CVE-2014-7169 are the official references to this vulnerability). Organizations should patch the vulnerability as soon as expedient given that there are reports about malicious scanning and active exploitation.

What is the issue?

GNU Bash is a command line shell found on most UNIX - based operating systems including Linux and Apple Mac OS X. This vulnerability allows a remote attacker to execute arbitrary code on an affected system. The impact of the vulnerability is currently unknown and will unfold as exploits are discovered.

Should we be concerned?

This vulnerability is classified by industry standards as “High” impact with CVSS Impact Subscore 10 and “Low” on complexity, which means it takes little skill to perform. This flaw allows attackers to provide specially crafted environment variables containing arbitrary commands that can be executed on vulnerable systems. It is especially dangerous because of the prevalent use of the Bash shell and its ability to be called by an application in numerous ways.

What types of systems are vulnerable?

The following operating systems may be affected; Linux, BSD, and UNIX operating systems (including but not limited to, CentOS, Debian, Mac OS X, Redhat, Fedora and Ubuntu). Systems using these operating systems may include : Apache web servers, Email Servers, Chat Servers, VPNs, Remote Gateway Devices, Mobile Device Management Applications, DNS servers, DHCP servers, FTP servers, firewalls, and Telnet servers.

For more Information

US-CERT and Homeland Security have issued guidance for the “Shell (Bash) remote execution vulnerability.”

Recommended Actions

  1. Identify Unix - based operating systems in your environment such as Linux and Apple’s Mac OS X – for example, web servers, DNS servers, firewalls, routers, switches, email gateways and appliances. Bash can also be called by programs such as DHCP, SSH, Telnet, FTP, and CGI. Be sure to include websites that are hosted by a third - party on your behalf.
  2. Contact the vendors of potentially impacted systems. Follow their mitigation instructions. Continue to monitor vendor announcement for updates.
  3. Remediation efforts should be prioritized. Higher priority should be given to Internet connected systems and any system that stores, processes, or transmits legally protected information.
  4. The following versions of Linux can be secured by knowledgeable administrators; CentOS, Debian, Redhat and Ubuntu. For more information, refer to: http://lists.gnu.org/archive/html/bug-bash/2014-09/threads.html

Are you prepared to respond to and investigate cyber-attacks?

The Cyber Forensics Readiness Program from Tyler Cybersecurity is designed to prepare Incident Responders and IT personnel to quickly and cost-effectively capture and maintain evidence in a forensically sound manner following a breach. The training is supported by semi-annual collection exercises and an on-going relationship with experienced Cyber Forensic Investigators.

Learn more

Image courtesy of Salvatore Vuono at FreeDigitalPhotos.net.

Topics: Threat Advisories

The Tyler Cybersecurity Lifecycle

Cybersecurity isn’t a destination.

Cybersecurity Lifecycle

There is no single, straight path that will get you to the point where you can say, “We did it! We’re 100% cyber-secure.”

A more realistic destination is cyber resiliency – the ability to prepare for and adapt to changing conditions, so you can withstand and recover rapidly from disruptions. Achieving cyber resilience depends on what we like to call the cybersecurity lifecycle – an ongoing cycle of interconnected elements that compliment and reinforce one another.

Learn More