How Does “Shell Shock” Bash Flaw Hurt You?

How Does “Shell Shock” Bash Flaw Hurt You?

“Shell Shock” or CVE-2014-7169

This Bash Bug refers to the newly discovered “Shell Shock” vulnerability in Bash that is affecting nearly the entire web. With this security flaw attackers are able to easily add their own malicious code right at the end of bash commands.

With all the news about “Shell shock” the latest bash vulnerability, many are still trying to figure out the answer to this question.

If I’m your average computer user and want to log in to, for example, a PayPal account, but PayPal has not properly patched for the “Shellshock” bug, how is my computer affected?

The answer in YES!

Bash-Bug

This is what Bash looks like

“Shell shock” is a very effective way of compromising servers, not clients(at first). “Shell shock” will make it much more simple for virus authors to inject other malware into the server, or otherwise attack the server (steal data).

This means that although attackers could not directly take over your computer they can steal your data. Once they are able to access the servers utilizing the “Shell Shock” bug they can then see almost all server and database information. This may be shocking to some, however, it is a clear example of how we need to pay greater attention to IT security in this day and age.

 

Symantec’s Advice to Users and Web Site Owners

Businesses, in particular website owners, are most at risk from this bug and should be aware that its exploitation may allow access to their data and provide attackers with a foothold on their network. Accordingly, it is of critical importance to apply any available patches immediately.

shellshock-hack

“Shell Shock” is a hackers dream

Linux vendors have issued security advisories for the newly discovered vulnerability including patching information.

Debian—https://www.debian.org/security/2014/dsa-3032

Ubuntu—http://www.ubuntu.com/usn/usn-2362-1/

Red Hat—https://access.redhat.com/articles/1200223*

CentOS—http://centosnow.blogspot.com/2014/09/critical-bash-updates-for-centos-5.html

Novell/SUSE— http://support.novell.com/security/cve/CVE-2014-6271.html

*Red Hat has updated its advisory to include fixes for a number of remaining issues.

If a patch is unavailable for a specific distribution of Linux or Unix, it is recommended that users switch to an alternative shell until one becomes available.
Consumers are advised to apply patches to routers and any other web-enabled devices as and when they become available from vendors. Users of Apple’s Mac OS X should be aware that the operating system currently ships with a vulnerable version of Bash. Mac users should apply any patches for OS X when they become available.

Leave a Reply

comment-avatar

*