News: Shellshock Bug Requires Immediate Attention – UPDATED

Published: 19/09/2014

Recently, the United States Department of Homeland Security’s Computer Emergency Readiness Team (US-CERT) issued an alert regarding CVE-2014-6271, or the ‘Shellshock’ bug, a severe flaw in the bash Linux shell. This flaw allows attackers to gain complete control of a system with relative ease. A second vulnerability, CVE-2014-7169, was spotted while a patch was being written for the first.

UPDATE 9/29/14: 
Three additional vulnerabilities, CVE-2014-7186, CVE-2014-7187 and CVE-2014-6277, were discovered early yesterday.

The status for MangoXchange customers as of 9/29:

Managed Services: Your servers have been patched for all five vulnerabilities and our technicians are actively monitoring your infrastructure.

Self-managed: It is critical that you patch your servers against all five vulnerabilities immediately. If you have not updated bash since Sunday, Sept 28 at 1:11AM EST, your system is vulnerable. If you use CentOS, here are the instructions to patch against the first vulnerability (CVE-2014-6271). To patch against the second (CVE-2014-7169), reference Red Hat’s instructions.

To patch against the three new vulnerabilities:

For CentOS 5, 6 and 7:

Update Bash:

    yum update bash -y

Full system update:

    yum update -y

For Ubuntu 10, 12 and 14:

Update Bash:

    apt-get update
    apt-get install bash

Full system update:

    apt-get update
    apt-get upgrade
    apt-get dist-upgrade

If you are interested in learning more about the Shellshock bug, please see below.


How does Shellshock work?


Shellshock is reached through other software packages, such as Apache or cPanel, that in some way pass outside input through to bash to be executed. At its heart the exploit is very simple: if a web request is crafted in a specific way, it can be used to make bash execute any instruction the attacker wishes.


It’s important to note that this means any bash command: the attacker could do anything from seeing who is logged in to planting the classic Linux ‘fork bomb’ and rendering the system useless until repaired.
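A way to confirm that the bash update above actually took effect, added here as an example (this is not code from the original notice): it runs the widely published local self-test for CVE-2014-6271 against the bash installed on the host and reports a verdict. It assumes a POSIX shell and a bash binary on PATH; the function names are my own.

```shell
#!/bin/sh
# Added example: verify that the bash on THIS host no longer shows the
# CVE-2014-6271 behaviour.  Nothing here touches a remote system.
#
# Background: a vulnerable bash, when it imports an environment variable whose
# value starts with "() {", keeps parsing past the function body and executes
# whatever follows.  The check hands bash such a variable whose trailing part
# merely echoes the word "vulnerable"; a patched bash treats the variable as
# plain data and prints only "test".

# Returns 0 if bash ignored the trailing command (patched), 1 if it ran it.
test_cve_2014_6271() {
    out=$(env x='() { :;}; echo vulnerable' bash -c 'echo test' 2>/dev/null)
    case "$out" in
        *vulnerable*) return 1 ;;   # trailing command was executed
        *)            return 0 ;;   # only "test" (or nothing) came back
    esac
}

# Prints a one-line verdict plus the bash version for the change record.
# Exit status: 0 = not vulnerable, 1 = vulnerable, 2 = bash not installed.
shellshock_check() {
    if ! command -v bash >/dev/null 2>&1; then
        echo "bash not found on PATH; nothing to check"
        return 2
    fi
    version=$(bash --version 2>/dev/null | head -n 1)
    if test_cve_2014_6271; then
        echo "CVE-2014-6271: not vulnerable ($version)"
        return 0
    fi
    echo "CVE-2014-6271: VULNERABLE - run the update commands above ($version)"
    return 1
}

shellshock_check
```

Run it after `yum update bash -y` or `apt-get install bash`; a non-zero exit status means the host still needs attention.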


Which Linux distributions are affected?


Nearly every Linux distribution for the last 20 years is exploitable, including:

  • CentOS 5
  • CentOS 6
  • CentOS 7
  • Ubuntu 10
  • Ubuntu 12
  • Ubuntu 14


To get more information about Shellshock, visit Shellshocker.net for the latest updates.



Again, if you are not a MangoXchange Managed Services customer, we strongly recommend you patch your Linux servers immediately. Should you require assistance, please contact our support technicians. We are always available 24x7x365 to help.