
ShellShock emerges in the wild, poses threats to Linux-based devices

By Marcus Wong - on 29 Sep 2014, 2:50pm


According to security researchers, a recently discovered vulnerability known as “ShellShock” or “BashBug” could affect most versions of Linux and Unix operating systems, potentially allowing attackers to gain control of targeted computers.

This is because the vulnerability targets Bash, a shell component used in many versions of Linux and Unix to act as a command language interpreter (like MS-DOS, for example). In other words, Bash allows users to enter commands into a simple text-based window for the operating system to run.

By targeting a feature in Bash that allows it to run commands passed to it by applications, an attacker exploiting ShellShock could potentially set environment variables on the system, affecting the way processes run on that computer. An attacker could also attach malicious code to an environment variable, so that it runs once the environment variable is called up.

Because Bash is widely used in Linux and Unix operating systems that are connected to the internet (like web servers), it’s easy to see how an attacker could not only steal private data, but also gain control of multiple computers on the network through a single infected computer.

For now, attacks have been limited, but proof-of-concept scripts have already been developed by security researchers, and the general consensus is that it’s only a matter of time before attackers attempt to find and exploit unpatched computers.

While the vulnerability potentially affects any computer running Bash, it can only be exploited if the attacker is able to force an application to send a malicious environment variable to Bash, so the most likely route of attack is through web servers using CGI (Common Gateway Interface) to generate dynamic web content.

Illustration of how an unexpected command could be run to exploit the ShellShock vulnerability.

Most servers use Bash to interpret environment variables sent using CGI, so any malicious commands attached to them will also be executed. Linux-based routers that have a web interface which uses CGI, and computers running Mac OS X, are also potentially vulnerable until patches are applied, so Symantec’s number one advice is to apply any available security patches immediately.
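As an added example (not from the article, Symantec or NVD), here is one way a defender could look for such requests in a web server access log. It assumes the Apache/Nginx "combined" log format and that the injected value starts with Bash's function-definition prefix `() {`, a detail the article does not spell out; the log lines and the `find_shellshock_probes` name are constructed for illustration.

```python
import re

# Added example: every log line below is constructed, not real traffic.
# A vulnerable Bash treats an environment value that begins with "() {" as a
# function definition and also runs whatever follows the closing brace.
FUNC_PREFIX = re.compile(r"^\s*\(\)\s*\{")

# "combined" format: the last two quoted fields are Referer and User-Agent,
# which CGI hands to the script as HTTP_REFERER and HTTP_USER_AGENT.
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>(?:[^"\\]|\\.)*)" '
    r'"(?P<agent>(?:[^"\\]|\\.)*)"$'
)

CGI_FIELDS = {"referer": "HTTP_REFERER", "agent": "HTTP_USER_AGENT"}


def find_shellshock_probes(lines):
    """Return (line_no, client_ip, env_name) for each suspicious header value."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = COMBINED.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than guess at fields
        for field, env in CGI_FIELDS.items():
            # Anchored at the start: "() {" in the middle of a value is inert.
            if FUNC_PREFIX.match(m.group(field)):
                hits.append((n, m.group("ip"), env))
    return hits


SAMPLE_LOG = [  # constructed sample input
    '192.0.2.10 - - [29/Sep/2014:14:50:01 +0800] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [29/Sep/2014:14:50:09 +0800] "GET /cgi-bin/status HTTP/1.1" 200 87 "-" "() { :; }; PLACEHOLDER-constructed"',
    '203.0.113.5 - - [29/Sep/2014:14:51:30 +0800] "GET /cgi-bin/status HTTP/1.1" 200 87 "() { x; }; PLACEHOLDER-constructed" "curl/7.38.0"',
    '192.0.2.44 - - [29/Sep/2014:14:52:02 +0800] "GET /faq HTTP/1.1" 200 900 "-" "Docs about () { syntax"',
]

if __name__ == "__main__":
    for line_no, ip, env in find_shellshock_probes(SAMPLE_LOG):
        print(f"line {line_no}: {ip} sent a function-definition prefix in {env}")
```

Only headers that the server actually logs can be checked this way; a value sent in any other request header would not appear in a combined-format log.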

Source: Symantec, NVD
