The Bash Bug aka shellshock: What you need to know about the latest security threat

Written on 26 September, 2014 by Jonathan Gleeson
Categories NewsSecurityTags newsvirus

Right now, security professionals are scrambling to fix a security flaw called Shellshock. It's a major vulnerability related to Bash, a computer program that's installed on millions of computers around the world. There's been a lot of confusion in mainstream media about how the bug works, who is vulnerable and what users can do to protect themselves.

The Netregistry shared hosting and email environments are configured in such a way that the shellshock threat represents little to no risk to our security; however, we are actively patching all systems with the latest Shellshock security patch to eliminate any possible vulnerability.

Netregistry VPS customers are advised to update their systems as soon as possible.

The vulnerability in question affects Bash, a common component known as a shell that appears in many versions of Linux and Unix. Bash acts as a command language interpreter. In more simple terms, it allows the user to type commands into a simple text-based window, which the operating system will then run.

Bash is also used to run commands passed to it by applications, and it is this feature that is targeted by Shellshock. One type of command that can be sent to Bash allows environment variables to be altered. Environment variables are dynamic, named values that affect the way processes are run on a computer. The vulnerability lies in the fact that an attacker can tack-on malicious code to the environment variable, which will run once the variable is received by your computer.

The Shellshock vulnerability has been classified globally as critical, since Bash is widely used in Linux and Unix operating systems running on any computers connected to the internet, such as Web servers. Although specific conditions need to be in place for the bug to be exploited, successful exploitation could enable remote code execution by attackers. This not only allows an attacker to steal data from a compromised computer, but to gain control over the computer and potentially gain access to other computers on the affected network.

Website owners are most at risk from this bug and should be aware that its exploitation may allow access to their data and provide attackers access to their network. Netregistry is actively working to patch all systems now and is also putting in place security controls to prevent any further explotation.

For more information, check out this video about Shellshock

Netregistry recommends these patches for our VPS clients:

Debian: https://www.debian.org/security/2014/dsa-3032

Ubuntu: http://www.ubuntu.com/usn/usn-2362-1/

Red Hat: https://access.redhat.com/articles/1200223*

CentOS: http://centosnow.blogspot.com/2014/09/critical-bash-updates-for-centos-5.html