Shellshock Bash Bug

Shellshock Bash Bug – Description and Prevention

Shellshock is another deep-seated security bug that seriously threatens any network device.  Experts have learnt about an anomaly in Unix command shell (or bash) found in Linux and Mac devices that enables attackers to run any code upon the execution of shell.  The shell—also known as command prompt—is a software application that enables a system to communicate with the user by interpreting the text.

 

Shellshock Bash Bug
Shellshock Bash Bug

 

As the shell is flawed, attackers have the ability to gain control of any device within the network that runs the bash.  More troubling, this can still be possible even if the commands have been limited for remote users.  If you can realize the full impact of this security breach, this can inflict huge uproar from the mass of users as their daily internet usage relies on the shell.

 

Nevertheless, your computer may remain unaffected by the Shellshock bash bug if you’re running a firewall that blocks external requests not initiated by your local software.  There are also cases when there is an issue in servers.   Just to be sure that your Linux or Mac OS X system does or does not have this vulnerability, we encourage you to perform this test.

 

  1. Open your Terminal and enter this code: env x='() { :;}; echo vulnerable’ bash -c ‘echo this is a test’
  2. If you see the word vulnerable as a reply, then as it is… your system is vulnerable to Shellshock.

 

As your system is open to malicious individuals, know that you are also facing the following probabilities:

  • malware loading to your system
  • theft of sensitive data
  • deletion or editing of your files
  • activation of your camera
  • … and so much more!

 

Prevention against Shellshock

No need to worry so much about this vulnerability as many software developers already issued patches to protect you from this bug.  All you have to do is to perform an update to your system and install the latest patches they have developed.

Comments

comments


Posted

in

by

Tags: