A new vulnerability or bug has surfaced and this has been all over the news these past few days. It’s nicknamed
shellshock and estimated to be even worst then heartbleed, which surfaced a few months back. The real thing is that this is all true and this bug is really very serious and can lead to a site being compromised.
This shellshock bug effects the unix command line shell known as “Bash” which is also the most common shell used in the linux/unix world. The command shell is the command line interpreter which most common users do not use in their day to day use, yet it is there.
To check if your system is vulnerable open bash and type in the following:
x='() { :;}; echo shellshock’ bash -c ‘echo Ok’
If the result is like the above then your system is vulnerable. Otherwise if you get something like “bash: warning: x: ignoring function definition attempt”, then your system is not vulnerable.
The problem comes in if it’s possible to have external input going in to bash. Like if you have a web server which is passing some requests to bash then an attacker can exploit it remotely gaining access to your system.
Is my website safe?
The best way is to check it out. You can use this link to verify this.
http://shellshock.iecra.org
If you website is vulnerable to shellshock we suggest you apply all security patches immediately, since most vendors have issued patches to disable the issue. In case of hosting providers you should contact their support with a query on what they are doing about the issue.
Ultimately this does not seem to be the
only issue in bash. It might be good to disable bash for now.
What can a attacker do?
If a system is vulnerable a hacker can do whatever he wants. Typically since remote execution is possible the attacker would download malware onto the system and execute it. This malware can then ccompromise your system, or if this is a pure web server (and not used as a normal workstation) compromise your website such that your users could potentially see different information or have your site distribute malware.
Website monitoring helps to en sure that you are immediately notified as soon as your site not only goes down but also if there are changes in the content. This ensures that you can take immediate action on what happened. If you website ends up distributing malware it could be blacklisted from a lot of web secure gateways, resulting that your site would be blocked for months till it’s proven that it’s safe again.
