Introduction

Shellshock the new ‘buzzword’ in the computer vulnerability domain. The critical vulnerability, that is remotely exploitable dubbed as the “Bash Bug”, is threatening billions of machines all over the world. It was discovered by the security researcher Stephane Chazelas at Akamai firm. The critical Bash Bug vulnerability, also known as Shellshock, affects GNU Bash versions ranging from 1.14 to 4.3.

  1. What is it?
  2. What is the threat extent and who is affected?
  3. Why that simple attack works
  4. Where attacks are coming from?
  5. What can you do?

1) What is it?

Shellshock is a computer bug that exploits the vulnerability in the UNIX command execution shell-bash to facilitate hackers to take control of the computer system remotely and execute arbitrary code, which affects UNIX based operating systems, including Linux and Mac OS. 

2) What is the threat extent and who is affected?

The risk that a Shellshock bug poses are quite threatening, The National Institute of Standards and Technology has rated the Shellshock vulnerability quite hazardous in terms of severity, impact and exploitability. Most computers and ‘IoT’ enabled smart devices like routers, Wi-Fi radios, webcams and even smart bulbs running on Linux OS are most likely affected.

The major vulnerability occurs when specific characters are included as part of a variable definition, like If the characters “{:;};” are included as the function definition, any random code that is inserted at the end of that definition is processed. In simple words, if any special characters are added on a few shell commands at the end of that definition, Bash will conclude executing those commands. Due to its widespread nature and severity, it is often compared with ‘Heartbleed’. Heartbleed was a vulnerability in OpenSSL that leaked the contents of memory without any user interaction.

3) Why that simple attack works

The BASH Bug poses a serious threat as it is very easy to execute, and requires little technical expertise to do so. The shellshock vulnerability flaw can be abused without any authentication by injecting maliciously code into a BASH system which enables hackers to gain command line access into the system resulting in unrestricted access to run programs, access to confidential data, reconfiguration of environments, steal sensitive information such as authentication credentials, change its settings or pervades the memory for sensitive data.

4) Where attacks are coming from?

Not only web servers that have vulnerable network resources, but also mail and DNS servers that use BASH to communicate with the operating system are also susceptible. While BASH Bug is normally found on Unix-based systems, organizations using Windows-based systems are not immune. Remember, BASH can be a part of home routers, many ‘IoT’ devices and embedded systems.

5) What can you do?

Most affected server and operating system providers have released software updates that debug the Shellshock vulnerability. There is a variety of mechanisms to check a system’s susceptibility or whether a patch has successfully resolved the problem. Log monitoring techniques should be used by organizations to detect any Shellshock exploitation; such a payload is delivered through a URL or HTTP header, hence it would leave evidence.

For securing an organization and successfully implementing effective vulnerability management the following points needs to be taken of:-

  • Identifying vulnerability quickly:

Speed is the key point. The systems should be monitored and scanned to check vulnerability threats. Adequate time and personnel should be deployed for thorough maintenance of system security.

  • Determining the level of vulnerability:

Knowing the organizations’ risk tolerance is essential in determining how severe a vulnerability might be. Depending on the network infrastructure, some vulnerabilities are more harmful than others.

  • Mitigating the vulnerabilities:

Update all firmware and operating system and install security updates. Use vulnerability detection tools or plug-ins to scan likely vulnerabilities. System administrators should patch systems immediately and closely track the network activity. Use the intrusion prevention system (ISP) when possible.

  • Third-party vendor services:

An organization that relies on third-party services should ensure that vendors take adequate security measures for the safety of their data.

  • Caution:

Caution needs to be taken particularly by Mac OS users. In the case of emails, any request for information or instructing to click a link or run software may often lead to phishing attacks.

Conclusion

While taking a tactical approach in order to eliminate the existing risk exposure caused by Shellshock, it is essential that all organizations take appropriate steps allowing them to detect, assess and protect themselves from future vulnerabilities by employing a vulnerability management framework tailored to their specific needs. Managing the emergence of new vulnerabilities is a key business process that underpins cyber security.

Every organization should have the ability to identify vulnerabilities that impact them in a swift manner, rate their severity and take remedial action at an appropriate time. Typically, a mature organization would manage the resolution of a critical vulnerability posed by Shellshock or Heartbleed using the same measures they would employ for a serious security incident, in order to drive the urgency and visibility required.

So, have you made up your mind to make a career in Cyber Security? Visit our Master Certificate in Cyber Security (Red Team) for further help. It is the first program in offensive technologies in India and allows learners to practice in a real-time simulated ecosystem, that will give them an edge in this competitive world.

ALSO READ

SHARE