Shellshock: What You Need to Know

Here we go again. As network attacks continue to rise, more and more exploits are being found. Not so long ago there was Heartbleed, which was terrible in its own right, but now Shellshock (CVE-2014-6271, CVE-2014-7169) has been found and it is much worse. Yes, apparently even The Shredder is attacking networks now.

So what is so dangerous about Shellshock? Shellshock takes advantage of a Bash vulnerability in Unix-based operating systems (e.g., Linux and Mac OS X) that gives a malicious user the ability to execute code remotely on vulnerable devices. Once a vulnerable system is compromised, it can be used to create a self-replicating worm that attacks other systems, propagating through a network and other devices in little time. That means all data (credit card information, SSNs, health records, selfies, etc.) on a compromised network can be accessed by malicious users. So who is vulnerable? Although any device running Bash that is connected to the Internet is at risk, servers are what will mainly be targeted.

The good news (for Untangle users at least) is that, just as with Heartbleed, NG Firewall is not vulnerable to this attack. That is because we do not use CGI or any other exposed interface that leverages Bash (e.g., the ForceCommand feature in OpenSSH, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, etc.). Although this is unnecessary, since Bash is not accessible and is not a vulnerability in Untangle, Bash will still be patched in our v11 release.

And what about those other servers and devices in your network that are vulnerable to Shellshock? To test your level of exposure, Red Hat has posted a guide. In the end, the best solution is to patch Bash directly or, if necessary, disable a vulnerable Bash until a patch is available and switch to another shell.

– Jason
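
For the exposure test mentioned above, here is an added example (not part of the original post and not Untangle's or Red Hat's code) that runs the widely published local checks for the two CVEs named in the post against a given Bash binary. The function names and marker string are hypothetical; the checks run in an empty environment and a throwaway directory.

```shell
#!/bin/sh
# Added example: local checks for CVE-2014-6271 and CVE-2014-7169.
# Usage: sh check_bash.sh [/path/to/bash]   (defaults to the bash found in PATH)

# CVE-2014-6271: a vulnerable bash executes the command that trails a
# function definition imported from an environment variable.
check_cve_2014_6271() {
    out=$(env -i testvar='() { :;}; echo MARKER_6271' "$1" -c 'echo probe' 2>/dev/null)
    case "$out" in
        *MARKER_6271*) echo vulnerable ;;
        *)             echo patched ;;
    esac
}

# CVE-2014-7169: the incomplete first fix still let a crafted variable
# corrupt the parser, so "echo date" ran `date` redirected into a file
# named "echo". The check runs in a temporary directory and looks for it.
check_cve_2014_7169() {
    dir=$(mktemp -d) || return 2
    ( cd "$dir" && env -i X='() { (a)=>\' "$1" -c 'echo date' >/dev/null 2>&1 )
    if [ -e "$dir/echo" ]; then
        result=vulnerable
    else
        result=patched
    fi
    rm -rf "$dir"
    echo "$result"
}

# Report on the requested binary; skip quietly if no bash is installed.
target=${1:-$(command -v bash || true)}
if [ -n "$target" ]; then
    echo "$target CVE-2014-6271: $(check_cve_2014_6271 "$target")"
    echo "$target CVE-2014-7169: $(check_cve_2014_7169 "$target")"
fi
```

Run it against every Bash binary on a host (for example, both a system copy and one under /usr/local), since a patched package does not update copies installed elsewhere.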