I’m more in #ShellShock about the speed of the attackers !

If you haven’t caught up with it yet, there is a vulnerability out there which is quite a serious one.

What’s gone wrong now ?

If you have Linux, Unix or Mac OS X then you need to keep your eyes out for updates … and then learn how to test them for vulnerabilities !

 

So this is the issue … Bash. It’s in all the languages above and this is the problem with it :

I’ve given you a couple of links so you can get some breadth on the issue …

  1. Troy Hunt (LINK)
  2. Threatpost (LINK)
  3. CVE-2014-6271 (LINK)
  4. Akamai (LINK)

Well, am I affected ?

So yeah – that’s a biggie hey ?

Plenty of vendors have jumped on the scanner side of things to see if you are vulnerable :

  1. Errata Security (LINK)
  2. WebSecurify (LINK)
  3. Nessus (LINK)

Please note – you should use any tools you find on the internet with caution … only choose those you know or have been recommended by a competent security professional.

 

OK, you’ve probably ran that and found you are vulnerable. Yep, bad times ahead, I’m afraid. For those with multiple systems, it’s going to be a long night in the office.

Woah, so how do I fix it ?

Well it looks as simple as running update manager

  1. Update Manager (LINK)
  2. Ubuntu (LINK)
  3. Command line : apt-get update; apt-get upgrade; (Thanks to Matthew Pettitt for that ! LINK)

But … you said !

Disclaimer – this may fix this bug but could break everything that you were running, there may be a reboot and you never see your system again … backups please ladies and gents …. backups and test restores please.

OK, I’m still alive – now what ?

Test again … yes that’s right, check it’s been applied properly. (see section above !)

Phew, no problems here then !

Well not quite …

There is this bypass to look at :

bypass #shellshock patch: X='() { (a)=>\’ bash -c “echo date” creates ./echo with contents of `date` output

 

Oh and also – keep an eye out for the bots that have been trying to gain access for the last 24 hours !

  • What ?!! there’s already an active bot for this ?!! (LINK)
  • Yeah – there’s also this reverse shell too (LINK)
  • Oh and this daemon that reboots machines (LINK)

And is that it ?

Well essentially yes for now but keep a lookout on Twitter as there is sure going to be some big problems ahead which may be coming as a result of this. If you aren’t sure then go get some help … it’ll be on the news shortly so your boss will be OK by then to talk to you about it and will understand it. If you need a quick analogy … tell him we’re screwed and you’re going to resign. It’s easier than trying to fight the management team to try to get it fixed !!

 

The take away :

As technology becomes more pervasive and integrated into our lives and as some systems come to the fore, so the patching of those technologies has to be thought about. In this situation there are going to be some systems which simply cannot be patched. There will be some embedded systems, legacy Unix boxes etc which simply will not be able to be updated. The criminals were able to create an exploitive bot within hours while we were still warming up the PR departments to draft a catchy logo and first blog. The attackers yet again beat us. Add in to the mix the TVs, routers, medical equipment, SCADA systems and other devices yet to be discovered, we’re in for a bumpy ride – make sure you do your bit to keep the internet safe.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s