Server Shellshock

An old exploit comes back to haunt us…

What is Shellshock?

Shellshock is a computer bug affecting Linux and Unix systems. The bug is over 20 years old, but has only now been discovered by security researcher Stephane Chazelas. It is a flaw in Bash, the command shell of Unix/Linux systems, which could allow an attacker to gain complete control of an unpatched system. It is currently thought to affect as many as 500 million different Linux/Unix-based systems, because Bash is installed by default and is often an integral part of the operating system, especially for web servers.

Am I in danger?

Yes and no.
Attacks are already being found in the wild, but because the bug only affects Mac, Linux, and Unix systems, you are relatively safe in the immediate sense if you do not use them. We want to make this clear: it does not affect Windows computers or servers.

How can this affect me?

You can be affected through your online accounts, because the vast majority of web servers use a version of Linux. There are already accounts of unpatched systems being compromised in the wild, but many companies are patching their systems as soon as the patches are available—some patches even went out the day the exploit was discovered. It is up to your system administrator to patch their systems as soon as possible.
If you are using a Macintosh computer, you are also vulnerable, but Apple will fix this issue soon with a security patch. Keep an eye out and update OS X as soon as the patch is available.

What has InfoTECH Solutions done to keep me safe?

We have scanned our own servers and found that we are not vulnerable to the exploit. Your data is safe with us.

How can I scan my own servers/services, if I’m curious?

You can check different sites and services yourself by going to this webpage: “Shellshock” Bash Vulnerability Test Tool
