
Linux Bug opens up back doors to hackers

Exposed bug more dangerous than Heartbleed?

The command line interface commonly known as the Bash shell has been found to contain a quirk which allows Linux systems to run commands unintentionally. This software bug, called Shellshock or Bashdoor, allows a hacker to gain control of a Linux sub-system by appending instructions to common software commands built within the shell.

Shellshock Test Code

This new bug, likened to the recent Heartbleed vulnerability, was discovered on the 12th September 2014.

Within hours of the software bug being made public, hackers created thousands of botnets and launched distributed denial of service (DDoS) attacks with the use of Shellshock against major companies on the Internet. It has been said that Shellshock could be used to compromise millions of unsecured Linux and Unix systems. Apple commented that their operating system, OS X, was safe to use and did not contain this quirk.

Is this all too technical? Then take a look at this video posted at the Gold Coast Bulletin website.

Reported attacks

On the 26th September 2014 a security firm called Incapsula reported that 1,800 web domains had been attacked. The United States Defense Department and Akamai Technologies had been attacked by a Shellshock botnet dubbed "wopnet". And on the 6th October, Yahoo indicated that their systems had been compromised.

Community to the rescue

Various Internet community members have performed testing, found a few bugs related to this issue, and reported their findings to security vulnerability websites like CVE (Common Vulnerabilities and Exposures). Organisations like the CVE endeavour to provide an up-to-date list of all vulnerabilities found in a majority of software in use today. New bugs are posted, the broader community is made aware of them, and patches to software are released soon after.

Community testers have reported bugs CVE-2014-6277 through to CVE-2014-7187 (as found on the CVE website), which are currently under review.

Is my system compromised?

To check whether your business servers have the vulnerability, paste the following into your command line:

env 'VAR=() { :;}; echo Patch your system!' 'FUNCTION()=() { :;}; echo Patch your system!' bash -c "echo Bash Patch not required"

If you see "Patch your system!" then you need to upgrade to the latest security patches for your operating system. Performing the following on an Ubuntu system will automatically upgrade Bash to the latest version:

sudo apt-get update && sudo apt-get install --only-upgrade bash
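
To run the same check from a script, for example across several servers or again after the upgrade, the one-liner above can be wrapped in a function that reports a status instead of relying on someone reading the output. This is an added example, not part of the original post; the function name `shellshock_status` and the `probe-finished` marker are made up for illustration.

```shell
#!/bin/sh
# Added example: classify a Bash binary using the same environment-variable
# test as the one-liner above. Names here are illustrative assumptions.

MARKER='Patch your system!'

# shellshock_status [PATH_TO_BASH]
# Prints "vulnerable", "patched" or "error".
# Returns 0 for patched, 1 for vulnerable, 2 if the check could not run.
# Usage: shellshock_status /bin/bash
shellshock_status() {
    shell=${1:-/bin/bash}

    # Refuse to guess if the binary is missing or not executable.
    [ -x "$shell" ] || { echo error; return 2; }

    # Same two crafted variables as the one-liner. stderr is discarded
    # because patched builds may warn about the malformed function
    # definition. "|| true" keeps callers that use "set -e" from aborting
    # if the probed shell exits non-zero.
    out=$(env "VAR=() { :;}; echo $MARKER" \
              "FUNCTION()=() { :;}; echo $MARKER" \
              "$shell" -c 'echo probe-finished' 2>/dev/null) || true

    case $out in
        # The trailing command ran while the variable was being imported.
        *"$MARKER"*)      echo vulnerable; return 1 ;;
        # The shell ran only the command it was asked to run.
        *probe-finished*) echo patched;    return 0 ;;
        # No recognisable output: the shell did not start or crashed.
        *)                echo error;      return 2 ;;
    esac
}
```

The return code makes the function usable in a loop over hosts or in a monitoring check; an "error" result should be investigated rather than treated as patched.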

How can we help?

Buzz A Geek provides IT related services to businesses throughout Australia. Our geeks are experts on a wide variety of operating systems, including Microsoft Windows Servers, Linux based systems, and Mac OS X. So if you think your organisation might be compromised then feel free to get in contact with us to arrange for a computer geek to come to your home or business.
