Shellshock Bug Affects Hundreds of Millions of Hosting Servers

SEP 26
Shellshock bug affects hundreds of thousands of web hosting servers

A recently discovered bug found on many computer systems has server administrators and computer owners scrambling. The aptly named Shellshock bug is a flaw in a computer program known as Bash, which makes hundreds of millions of computers susceptible to hijacking.

It’s extremely likely that the impact of Shellshock will exceed that of the Heartbleed bug, which was exposed in April of 2014. The National Vulnerability Database, a US government system responsible for tracking security flaws, has given this bug the maximum score for Impact and Exploitability and has rated it as simple to exploit.

Shellshock affects most Unix-based operating systems such as Mac OS X and Linux. This includes most of the internet’s servers. A recent survey conducted by Netcraft shows that only 13% of the busiest one million websites use Microsoft’s unaffected operating system.

How Shellshock Works

Linux-based systems have a type of program called a shell. It’s a form of command line that allows you to run commands by typing in their application name followed by various parameters. The default shell on most Linux servers is Bash. Bash is the software that contains the Shellshock bug.

Shellshock is a bug found within Bash that allows hackers to pass along commands through a website that can be interpreted and run by Bash. This allows the hacker to run practically any command on the server by passing them through a web page request.

Is There A Fix?

Patches for the majority of Linux-based operating systems have been released. You can apply the patch by updating Bash on your system.

Ubuntu
sudo apt-get update && sudo apt-get install bash

CentOS
yum update bash

Debian
sudo apt-get update && sudo apt-get install bash

MacOS
Follow the instructions: http://alblue.bandlem.com/2014/09/bash-remote-vulnerability.html

Testing Your Server

From the shell, run:
env x='() { :;}; echo vulnerable' bash -c "echo hello"

If your system is vulnerable, you’ll see the following output:
vulnerable
hello

If your system is not vulnerable, you’ll see the following output:
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
hello
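
An added example, not part of the original post: a small POSIX shell wrapper around the test above that checks every Bash binary it can find on a host instead of only the one on your PATH. The function names shellshock_status and shellshock_scan are hypothetical; the check classifies on standard output only, because patched builds differ in what warning they print.

```shell
#!/bin/sh
# Added example (not the original author's code). Function names are
# hypothetical; the probe string is the one used in the manual test above.

# Print "vulnerable", "patched", "missing" or "error" for one Bash binary.
shellshock_status() {
    bin=$1
    [ -x "$bin" ] || { echo missing; return 0; }
    # env -i starts from an empty environment so nothing else is imported.
    # stderr is discarded: the warning text varies between patched builds,
    # and later patched builds print only "hello" with no warning at all.
    out=$(env -i x='() { :;}; echo vulnerable' "$bin" -c "echo hello" 2>/dev/null) || true
    case "$out" in
        vulnerable*) echo vulnerable ;;   # injected command ran before "hello"
        hello)       echo patched ;;      # only the requested command ran
        *)           echo error ;;        # binary did not behave like Bash
    esac
}

# Check the bash on PATH plus every bash listed in /etc/shells.
# Returns 1 if any of them is vulnerable, so a deploy script can gate on it.
shellshock_scan() {
    rc=0
    candidates=$( { command -v bash; grep '^/.*/bash$' /etc/shells 2>/dev/null; } | sort -u )
    for b in $candidates; do
        s=$(shellshock_status "$b")
        echo "$b: $s"
        if [ "$s" = vulnerable ]; then rc=1; fi
    done
    return $rc
}

shellshock_scan || echo "At least one Bash binary needs updating" >&2
```

Run it again after updating Bash: a host can carry more than one copy of Bash, and each one has to report patched.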

Link Web Development’s servers have been patched against the Shellshock bug.
Contact us today for hosting related questions and requests.
