What Does Shellshock Mean for My Enterprise Linux Operating System?

By | In Blog | October 30th, 2014

A critical vulnerability in the Bash command-line shell engendered concern in its wake, but what does the discovery of Shellshock mean for my enterprise?

What is Shellshock?

Shellshock is a widespread vulnerability affecting versions of GNU Bash through 4.3. It has been found in the wild, specifically in active exploits against web servers.

Dan Timpson, vice president of technology at digital certificate authority DigiCert, explains on the company’s blog:

Bash is a command-line shell used in many Linux and UNIX operating systems. … While Bash is often thought of as simply a local shell, it is arguably one of the most installed utilities in any Linux system. Many applications invoke Bash to run external commands, like CGI scripts—and this is where Shellshock comes in.

When Bash is called in an infected system, an attacker could leverage the vulnerability to cause Bash to execute any commands in the malicious environment configured. Some OpenSSH configurations and DHCP clients may also be affected by Shellshock. A successful attack could affect systems in various ways. In addition to crashing or hosting malware, an infected system could be used by an attacker to breach systems and obtain sensitive data and network access credentials.

Security experts note that there are specific conditions that must exist in the infected system for this to occur. Regardless, they encourage users to install all patches for Linux and other systems using Bash. They also recommend that system administrators install the latest intrusion detection signatures to detect and block any attempts to exploit system vulnerabilities.
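The kind of check an intrusion detection signature performs can be illustrated on web server logs. The script below is an added example, not taken from the original article or from any vendor's rule set; it assumes the Apache/nginx "combined" log format, and its log lines are constructed from documentation IP ranges, a made-up CGI path and the article's own test string.

```shell
#!/bin/sh
# Added example: flag access-log entries that carry a Bash function-definition
# prefix "() {" in a quoted field (request line, Referer, User-Agent).
# Assumes Apache/nginx "combined" log format.

# Constructed sample data: documentation IP ranges plus the article's test string.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [30/Oct/2014:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [30/Oct/2014:10:00:05 +0000] "GET /cgi-bin/status HTTP/1.1" 200 17 "-" "() { :;} ; echo vulnerable"
203.0.113.9 - - [30/Oct/2014:10:00:09 +0000] "GET /cgi-bin/status HTTP/1.1" 200 17 "() { :;} ; echo vulnerable" "curl/7.38.0"
EOF
}

# shellshock_hits: read log lines on stdin, print "client_ip<TAB>field" per hit.
shellshock_hits() {
    awk -F'"' '
        BEGIN { name[2] = "request"; name[4] = "referer"; name[6] = "user-agent" }
        {
            split($1, head, " ")
            # Even-numbered fields are the quoted ones. Escaped quotes inside a
            # header shift later fields, so scan them all and label extras "other".
            for (i = 2; i <= NF; i += 2) {
                if ($i ~ /[(][)][ \t]*[{]/) {
                    label = (i in name) ? name[i] : "other"
                    print head[1] "\t" label
                }
            }
        }'
}

sample_log | shellshock_hits
```

A hit shows that a request carried the pattern, not that the server was vulnerable or compromised; confirm against the patch level of the host that handled it.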

Bash Patches

Vendors including Cisco, Juniper Networks, Hewlett-Packard, and Oracle issued security updates for their products as a result. Networking gear was particularly vulnerable according to CRN, which reported:

Cisco Systems identified dozens of networking devices, firewalls and other gear that are impacted by the vulnerability. Users of networking gear from Fortinet, F5 Networks, Dell, Check Point, Blue Coat and Barracuda Networks are also impacted by the flaw.

Oracle has generated a list of products that are affected by Shellshock vulnerabilities, or might be affected by them, along with a list of Oracle products that have fixes available. The list includes products by PeopleSoft, Sun, Pillar and other Oracle brands.

There’s really nothing to be gained by panicking. If your organization is proactively installing upgrades and updates for software and hardware and following industry best practices on network security, there is most likely no need for extraordinary measures.

How to Check for Bad Bash

You may wish to check your system regardless. To determine whether the servers for which you are responsible may be vulnerable, ReadWrite suggests opening your Terminal program and entering the following:

$ bash --version

To search for the bug, type:

$ env X="() { :;} ; echo vulnerable" /bin/sh -c "echo stuff"

If the response is “vulnerable” followed by “stuff,” then the shell installed as /bin/sh contains the vulnerability.
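The test above only exercises whatever is installed as /bin/sh, which is not Bash on every system (Debian and Ubuntu link it to dash), so a vulnerable Bash elsewhere on the host can be missed. The following added example, which is not from the original article or from ReadWrite, applies the same test string to several shell paths; the candidate paths are assumptions and should be adjusted for the host.

```shell
#!/bin/sh
# Added example: apply the article's test to each shell binary by path.

# check_shell PATH -> prints missing | vulnerable | not-vulnerable | unknown
check_shell() {
    shell_path=$1
    if [ ! -x "$shell_path" ]; then
        echo "missing"
        return 0
    fi
    # Same test string as the article. stderr is discarded because some patched
    # Bash builds print a warning about the ignored function definition.
    output=$(env X='() { :;} ; echo vulnerable' "$shell_path" -c 'echo stuff' 2>/dev/null) || true
    case "$output" in
        *vulnerable*) echo "vulnerable" ;;
        *stuff*)      echo "not-vulnerable" ;;
        *)            echo "unknown" ;;
    esac
}

# Candidate paths are assumptions; adjust for the host being checked.
report_shells() {
    for candidate in /bin/sh /bin/bash /usr/bin/bash /usr/local/bin/bash; do
        printf '%s\t%s\n' "$candidate" "$(check_shell "$candidate")"
    done
}

report_shells
```

A "not-vulnerable" result covers only this one test string; as the article notes, several closely related Bash flaws are grouped under the Shellshock name, so the vendor's package update remains the authoritative fix.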

This is one of several recently discovered vulnerabilities found in Bash. Some are very closely related and are, as a result, being lumped under the Shellshock rubric.

If you or your colleagues observe an unexplained spike in traffic on a specific server, odd changes in system CPU/memory usage, suspicious connections and processes, and similar activity, your system may be infected.

For the latest information on this and other security issues, visit the United States Computer Emergency Readiness Team (US-CERT) website.

Should you need more specific assistance, please contact Datavail for more information on how we might best support you and your organization with custom solutions tailored to your database security needs.

Image by hatoriz/123RF.

John Kaufling
Vice President and Practice Leader of Application Services
John Kaufling has more than 20 years of experience in the IT industry, including more than 12 years as an Oracle EBS database administrator at Level 3 Communications and at Oracle Corporation. His specialties include implementations, upgrades, performance tuning and extensive capability to support the product. John’s work with Oracle apps database administration has included experience with SOA suite, Veritas Cluster, Oracle DataGuard, Load Balancing from Resonate, Cisco and BigIP and extensive experience with Oracle self-service applications and self-service framework technology.


1 thought on “What Does Shellshock Mean for My Enterprise Linux Operating System?”
  1. It is rather a proactive development in the IT industry if the present BASH vulnerability in LINUX OS was discovered before it is being exploited by the bad elements. However, my hunch is that this security breach might have already been exploited, even though there hasn’t been any news development to that effect presently, including from CertStation Threat Management Advisory, where it was reported Oct. 30, 2014. It is clear that OS security continues to remain vital to critical enterprise applications, and more reasons why System Administrators, DBAs and Developers must always be careful in creating powerful directories, files, and applications, including using enterprise tools, that other IT folks with sufficient privileges can knowingly or unknowingly access, or exploit, through any web or enterprise applications, with dire consequences for the whole enterprise! It is even better to know that IT researchers are digging more to find any more vulnerabilities, while patches have been applied by leading IT Vendors!