Shellshock bash vulnerability bigger than recent Heartbleed

Shellshock or Bash security vulnerability made public today

Another new security flaw has been discovered and made public today in what is probably one of the most widely used interfaces – Bash, the command-line shell used in many Linux and Unix-based operating systems, including the vast majority of web servers and also Mac systems. It has been described by researchers as ‘bigger than Heartbleed’ and could be a major issue for digital companies, small and large-scale web hosts and even the huge number of internet-connected devices that often use Unix-based systems.

Like Heartbleed, Shellshock is a pervasive flaw that security researchers say has been in existence for at least twenty years and will take years to fix properly. The responsibility to do so is generally outside the control of most users though: for servers it rests with systems administrators; for Mac OS based systems, it rests with Apple themselves; for other devices it rests with the manufacturers.

Patching the shell

There are many warnings that the vulnerability’s low complexity, the ease of exploitation and the wide range of devices affected (think along the lines of almost every router, home streaming system or any one of a number of internet-connected systems we now use) require that system administrators and manufacturers apply and push patches to affected systems immediately.

Fortunately, it is relatively easy to test whether a computer system is still affected or has been patched, by running the following at the command line:

env x='() { :;}; echo vulnerable' bash -c 'echo hello'

If a system is vulnerable then you will see the following:

vulnerable
hello

And if a system has already been patched then you will see:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
hello
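
One way to script the check above across every bash binary on a machine (an added example, not part of the original post; the function names classify_output, check_shell and check_all_bash are made up for illustration). It only reports what the test string above shows:

```shell
#!/bin/sh
# Added example: run the test from this post against each installed bash
# and classify the output. Function names are illustrative.

# classify_output TEXT -> prints vulnerable | patched | inconclusive
classify_output() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo vulnerable      # the command after the function body was executed
    elif printf '%s\n' "$1" | grep -qx 'hello'; then
        # Only the intended command ran. Depending on the bash version the
        # warning lines may or may not be printed as well.
        echo patched
    else
        echo inconclusive    # the shell failed to run or printed something else
    fi
}

# check_shell PATH -> runs the test against one bash binary
check_shell() {
    if [ ! -x "$1" ]; then
        echo missing
        return 0
    fi
    # stderr is merged into stdout so the warning lines are captured too.
    out=$(env x='() { :;}; echo vulnerable' "$1" -c 'echo hello' 2>&1) || true
    classify_output "$out"
}

# check_all_bash -> one "path<TAB>status" line per bash found in
# /etc/shells or on PATH (assumes the paths contain no whitespace)
check_all_bash() {
    candidates=$( {
        grep -E '^/.*/bash$' /etc/shells 2>/dev/null || true
        command -v bash || true
    } | sort -u )
    for shell in $candidates; do
        printf '%s\t%s\n' "$shell" "$(check_shell "$shell")"
    done
}

check_all_bash
```

Any line reporting "vulnerable" identifies a bash binary that still needs the patch, which matters on systems with more than one copy of bash installed.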

All Havenswift Hosting managed servers – so that includes all Shared Hosting, Reseller Hosting and managed customer dedicated servers – were already patched before this announcement earlier today!

If you run an unmanaged server then you are very strongly advised to check for and obtain a patch as soon as possible.

If you use a Mac running OS X then you are almost certainly affected by this same issue and it can be tested in exactly the same way. It is possible for any user of a Mac to patch the system themselves but this involves recompiling bash, which will be far beyond the average user. Fortunately it is expected that Apple will patch users quickly through their well-proven update mechanism.

This is the main Havenswift Hosting company account that is used by different members of staff when making blog postings on behalf of the company rather than as individuals

There Are 3 Comments

Alison on 25 Sep, 2014

That is what I like about havenswift – proactive where security is concerned.

Thanks for the timely article. Amazing how many of these newly discovered vulnerabilities have been there for years!

John Adams on 29 Sep, 2014

As Alison said above, it is great that you are so proactive about security and let us know not just about security of your servers (and therefore our websites) but also about some of the more important general security issues like the Adobe one.

Havenswift Hosting on 29 Sep, 2014

Thanks for both of your comments – security is very important to us! Just a quick point about covering other security concerns: while we do sometimes write blog postings about specific issues, it is a drop in the ocean in comparison to the multiple daily issues that are exposed and eventually fixed for Windows PC and Mac systems. Other websites have much more comprehensive coverage but the best general advice is to install a good Anti-Virus product with an on-going subscription and scan at least daily; also use a malware scanner – Malwarebytes is great and works alongside most AV products – and always check for and install system and software updates shortly after they are released.

Copyright Havenswift Hosting 2007-2020. All rights reserved.