Express Computer
Home  »  Columns  »  Bash Bug: How to check your vulnerability quotient

Bash Bug: How to check your vulnerability quotient

0 616

A new security vulnerability, known as the Bash or Shellshock bug,  is expected to be deadlier than the Heartbleed, and can effect everything from major servers to connected cameras. Web security services provider Indusface decodes the bug

What is BASH?
Bash is the software used to control the command prompt on many Unix based computers.
What is the issue?
A newly discovered security bug in a Bash, could pose a bigger threat to computer users than the “Heartbleed” bug that surfaced in April 2014. Hackers can exploit a bug in Bash to take complete control of a targeted system, security experts said. The vulnerability affected Unix-based operating systems including Linux and Apple Inc’s (AAPL.O) Mac OS X.

What it can do?
The “Heartbleed” bug allowed hackers to spy on computers but not take control of them. Using this vulnerability, attackers can potentially take over the operating system, access confidential information, make changes, et cetera.

Give me some more input:
A security vulnerability in the GNU Bourne Again Shell (Bash) could leave systems running those operating systems open to exploitation by specially crafted attacks. “This issue is especially dangerous as there are many possible ways Bash can be called by an application,” a Red Hat security advisory warned.

The bug, discovered by Stephane Schazelas, is related to how Bash processes environmental variables passed by the operating system or by a program calling a Bash-based script. If Bash has been configured as the default system shell, it can be used by network–based attackers against servers and other Unix and Linux devices via Web requests, secure shell, telnet sessions, or other programs that use Bash to execute scripts.
How do I make sure that I am not vulnerable?
There is an easy test to determine if a Linux or Unix system is vulnerable. To check your system, from a command line, type:

env x='() { :;}; echo vulnerable’ bash -c “echo this is a test”

If the system is vulnerable, the output will be:
vulnerable
this is a test

An unaffected (or patched) system will output:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x’
this is a test

Hell – I am infected, what is the solution?
Because of its wide distribution, the vulnerability could be as wide-ranging as the Heartbleed bug, though it may not be nearly as dangerous. The vulnerability affects versions 1.14 through 4.3 of GNU Bash. Patches have been issued by many of the major Linux distribution vendors for affected versions, including:
Red Hat Enterprise Linux (versions 4 through 7) and the Fedora distribution
CentOS (versions 5 through 7)
Ubuntu 10.04 LTS, 12.04 LTS, and 14.04 LTS
Debian

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image