ShellShock – A week later
Last Wednesday afternoon (September 24th, 2014), the Bash ShellShock bug was announced. This vulnerability / bug allows remote attackers to execute their code by passing strings of code following environment variables. We’ve seen a TON of attacks this past week on the servers we monitor.
An updated bash version with a fix was released the same day for Linux systems. Then, a day or so later, an improved patch was released.
The way these guys are trying to get access is to find cgi type scripts either written in bash or that call bash subshells. This will allow them to inject their code and either take over the server or simply export any files on the server to a location of their liking.
If you haven’t already, you need to call your Hosting company TODAY and ask them if the server that hosts your website has been patched for shellshock. Hosting companies that are on the ball (IQnection for instance, a local-to-me competent hosting/design/marketing company) had their servers patched the same day it was announced.
If your company has its own Internet-facing Linux servers, you need to get them patched up ASAP. If you need assistance with this, feel free to contact us.
(image from symantec.com)