CUSTOMER SECURITY ALERT: Customers running Linux/Mac

Brian Hamm
Blog, Security

Security Alert

There is a new security alert that you will likely be hearing about in the coming days, called ShellShock.  It is just as big as Heartbleed in terms of the number of systems that need to be patched; however, the threat landscape (systems actually in danger) is smaller, because only systems running cgi-bin web code or ssh are remotely vulnerable.  Mac/Linux laptop users may want to stay away from public Wi-Fi until patches are released, as there is also potential for DHCP attacks. (CVE-2014-6271 & CVE-2014-7169)

A quick check for customers' public-facing servers is to Google: "filetype:sh inurl:cgi-bin site:<your public DNS domain>"

For example noaa.gov has a lot of patching to do:

https://www.google.com/?gws_rd=ssl#safe=active&q=filetype:sh+inurl:cgi-bin+site:noaa.gov

Internally, you can run these commands from a command shell on your Linux machines to determine whether they still need to be patched, and yes, Mac OS X is vulnerable.  There are actually two methods to attack this vulnerability, and only the first has been patched as of this writing.  (CVE-2014-6271 & CVE-2014-7169)

MacBook-Pro:~ USER$ env x='() { :;}; echo vulnerable' sh -c "echo try this test"
vulnerable
try this test
MacBook-Pro:~ USER$ env -i X='() { (a)=>\' bash -c 'echo date'; cat echo
bash: X: line 1: syntax error near unexpected token `='
bash: X: line 1: `'
bash: error importing function definition for `X'
Fri Sep 26 08:45:14 EDT 2014
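
The two checks above wrapped in a script, as an added example that is not part of the original post: it probes a given bash binary with the same test strings and runs the second test in a scratch directory so the stray file named "echo" is cleaned up. The function names and the VULNERABLE / PATCHED / UNKNOWN labels are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the
# VULNERABLE / PATCHED / UNKNOWN labels are this example's own.
# Pass a shell name found on PATH or an absolute path, e.g. /bin/bash.

# Resolve the shell to an absolute path so it is still found under `env -i`
# and after changing directory.
resolve() { command -v "$1" 2>/dev/null; }

# CVE-2014-6271: a vulnerable bash runs the command that trails the function
# definition in the environment variable, so "vulnerable" shows up in stdout.
check_6271() (
    bin=$(resolve "$1") || { echo UNKNOWN; exit 0; }
    out=$(env x='() { :;}; echo vulnerable' "$bin" -c 'echo probe' 2>/dev/null) || true
    case "$out" in
        *vulnerable*) echo VULNERABLE ;;
        *)            echo PATCHED ;;
    esac
)

# CVE-2014-7169: after the import error a vulnerable bash keeps the dangling
# ">" and runs "date" with its output redirected to a file named "echo".
# The presence of that file in the scratch directory is the indicator.
check_7169() (
    bin=$(resolve "$1") || { echo UNKNOWN; exit 0; }
    scratch=$(mktemp -d) || { echo UNKNOWN; exit 0; }
    cd "$scratch" || exit 1
    env -i X='() { (a)=>\' "$bin" -c 'echo date' >/dev/null 2>&1 || true
    if [ -e echo ]; then echo VULNERABLE; else echo PATCHED; fi
    cd / && rm -rf "$scratch"
)

# Report on the shell named on the command line, if one was given.
if [ "$#" -gt 0 ]; then
    echo "CVE-2014-6271: $(check_6271 "$1")"
    echo "CVE-2014-7169: $(check_7169 "$1")"
fi
```

A machine needs patching if either line reports VULNERABLE; a bash that has only the first fix reports PATCHED for CVE-2014-6271 and VULNERABLE for CVE-2014-7169.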

A good 13-minute summary presentation by Johannes Ullrich from SANS

