Date:
Sep 29, 2014

Alert: Shellshock Bug Requires Immediate Attention – UPDATED: 9/29/14

Recently, the United States Department of Homeland Security’s Computer Emergency Readiness Team (US-CERT) issued an alert regarding CVE-2014-6271, or the ‘Shellshock’ bug, a severe flaw in bash, the shell used on Linux. This flaw allows attackers to gain complete control of a system with relative ease. A second vulnerability, CVE-2014-7169, was spotted while a patch was being written for the first.

UPDATE 9/29/14: Three additional vulnerabilities, CVE-2014-7186, CVE-2014-7187 and CVE-2014-6277, were discovered early yesterday.

The status for Codero customers as of 9/29:

Managed Services: Your servers have been patched for all five vulnerabilities and our technicians are actively monitoring your infrastructure.

Self managed: It is critical that you patch your servers against all five exploits immediately. If you have not updated bash since Sunday, Sept 28 at 1:11AM EST, your system is vulnerable. If you use CentOS, here are the instructions to patch against the first exploit (CVE-2014-6271). To patch against the second exploit (CVE-2014-7169), reference Red Hat’s instructions.

To patch against the three new vulnerabilities:

For CentOS 5, 6 and 7:

Update Bash:

yum update bash -y

Full system update:

yum update -y

For Ubuntu 10, 12 and 14:

Update Bash:

apt-get update
apt-get install bash

Full system update:

apt-get update
apt-get upgrade
apt-get dist-upgrade

If you are interested in learning more about the Shellshock bug, please see below.

How does Shellshock work?

Shellshock leverages other software packages, such as Apache or cPanel, that in some way relay input through to bash to be executed. At its heart, the exploit is very simple: if a web request is crafted in a specific way, it can be used to execute any instruction the attacker wishes.

It’s important to note that this is any bash instruction, meaning the attacker could do anything from seeing who is logged in to planting the classic Linux ‘fork bomb’ and rendering the system useless until repaired.
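Because the crafted request has to pass through the web server first, its access log is where a defender can see the attempts. As an added example, not code from the original post or from Codero, the following Python script scans Apache combined-format access logs for requests whose request line, Referer or User-Agent carries the bash function-definition marker that Shellshock relies on; the log lines and client addresses are constructed.

```python
import re

# Apache "combined" access-log format (assumption: the server logs in this
# format; adapt LOG_RE for a custom LogFormat). Escaped quotes (\") inside a
# field are not handled, so such lines are skipped rather than mis-parsed.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Text that opens a bash function definition. The web server copies the
# request line, Referer and User-Agent into environment variables for CGI
# handlers, which is how the crafted text reaches bash.
MARKER_RE = re.compile(r'\(\)\s*\{')

FIELDS = ("request", "referer", "agent")

# Constructed sample log: two probe attempts around one ordinary request.
SAMPLE_LOG = """\
203.0.113.7 - - [25/Sep/2014:10:14:02 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :; }; echo probe"
198.51.100.9 - - [25/Sep/2014:10:15:30 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [25/Sep/2014:10:16:11 +0000] "GET /cgi-bin/status HTTP/1.1" 404 210 "() { :; }; echo probe" "curl/7.37.0"
"""

def parse_line(line):
    # Fields of one combined-format line, or None if the line does not parse.
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def find_shellshock_probes(log_text):
    """One dict per request that carried the marker: line number, client IP,
    the fields that carried it, the requested path and the HTTP status."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        rec = parse_line(line)
        if rec is None:
            continue
        carrying = [f for f in FIELDS if MARKER_RE.search(rec[f])]
        if not carrying:
            continue
        parts = rec["request"].split()
        path = parts[1] if len(parts) >= 2 else rec["request"]
        hits.append({"line": lineno, "ip": rec["ip"], "fields": carrying,
                     "path": path, "status": rec["status"]})
    return hits

for hit in find_shellshock_probes(SAMPLE_LOG):
    print("line {line}: {ip} sent marker in {fields} for {path} ({status})".format(**hit))
```

Run it over real access logs: a hit against a host that was still unpatched when the request arrived should be treated as a possible compromise, starting with the CGI handler at the logged path.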

Which Linux distributions are affected?

Nearly every Linux distribution for the last 20 years is exploitable, including:

  • CentOS 5
  • CentOS 6
  • CentOS 7
  • Ubuntu 10
  • Ubuntu 12
  • Ubuntu 14

To get more information about Shellshock, visit Shellshocker.net for the latest updates.

Again, if you are not a Codero Managed Services customer, we strongly recommend you patch your Linux servers immediately. Should you require assistance, please contact our support technicians. We are always available 24x7x365 to help.


  • Chris

    The third step described in this article is currently incorrect (“To patch against the three new vulnerabilities”) – updates for bash have not yet been released by CentOS since the second update to fix CVE-2014-7169.

    • CoderoCommunity

      Red Hat released an FAQ regarding the patches and why they are slowly rolling out the last patch.

      https://securityblog.redhat.com/2014/09/26/frequently-asked-questions-about-the-shellshock-bash-flaws/

      “Red Hat carefully analyzed the root cause of the issue and wrote and tested patches. We posted these patches to the community for review and allowing everyone to freely use them if they wanted to. Doing things correctly takes time!”

      We will definitely keep everyone up to date when the final patch has been pushed out.