Shellshock: Check Your Web Server

by | Sep/26/2014

Shellshock is a bug that may exist on your servers and even your Mac. Even if you use Windows in your office, your web server may use Apache on Linux.

One big problem with Shellshock is that it is very easy for attackers to exploit a system. They tell a system, “Here is a program. Run it.”

Apple has not, as of now, released a patch for OSX. There is a new patch for Linux, but it does not completely fix the problem.

As an executive, even if you have limited IT experience, you can go to Google and enter this search phrase:
filetype:sh inurl:cgi-bin
(replace Foster Institute’s web site with your own actual website)

Hopefully, Google will tell you that the search did not match any documents. However, either way, it is still possible you are vulnerable. Ask your IT Pros to make sure your web server does not use Linux.

Please forward this to everyone that you know if you want to help him or her be secure against the ShellShock vulnerability!

The rest of this document is more technical, intended for your IT Pros.

There is a patch, but the patch only solves part of the problem. To see if the patch is in place, you can execute the bash command:
env x='() { :;}; echo vulnerable’ bash -c “echo patch this system”
There will be an error message anyway, but if you do see the words “patch this system” displayed as output, then the patch hasn’t been applied.

Even after you apply the patch, as of the time of this blog posting, your system is still vulnerable. To demonstrate, issue this command:

env X='() { (a)=>\’ bash -c “echo date”

You will see error messages similar to:
bash: X: line 1: syntax error near unexpected token `=’
bash: X: line 1: `’
bash: error importing function definition for `X’
Then, to find out if you are vulnerable, look at the contents of the file echo by issuing the command:
cat echo
If the response shows the date, then you are vulnerable:
Fri Sep 26 02:07:16 UTC 2014

To learn more reference CVE-2014-6271 and CVE-2014-7169

Please post your comments below…