Guest Blog: Paul Vallee, Pythian on Bash

A new vulnerability in a utility called “Bash”, a commonly-installed command execution shell, was discovered yesterday. This vulnerability has been termed “SHELLSHOCK” by the media. Pythian’s systems were patched overnight and are no longer vulnerable.

This vulnerability only affects Linux systems, so if you are not running Linux on your data center servers this vulnerability does not apply to you.

What is Bash?
Bash is a “shell”—a basic component that enables interaction between a human and an operating system, in this case Linux. It is responsible for running all common commands such as directory listings, moving, or copying files, etc.
What is the vulnerability in Bash?
The vulnerability allows someone to run any arbitrary code on an affected machine. If this were only possible through direct human interaction, we could assume the user is already logged in and already has permission to run that code, so what is the big deal? The issue arises because Bash is commonly invoked by other software as part of its own execution, with no human logged in at all. For instance, certain web servers call Bash, so anybody who can reach your web pages could “inject” and run unauthorized code on your servers to take them over, serve malicious code, or even steal confidential data. More information is available here: CVE-2014-6271.
What should you do?
Patches are available from all major Linux vendors such as Red Hat, Debian and Oracle for their versions of Linux. Most Web Application Firewalls (WAFs) have been updated to guard against this exploit.
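As an added example (not part of the original post), here is a local self-check you can run on your own servers before and after applying the vendor patch. It uses the widely circulated one-line test for CVE-2014-6271: a function definition with trailing code is exported in an environment variable, and a harmless child Bash is started; an unpatched Bash executes the trailing code while importing the variable, a patched one ignores it.

```shell
#!/bin/sh
# Added example, not Pythian's code: report whether the local bash is
# still affected by CVE-2014-6271. Prints one of:
#   vulnerable      - the child bash ran code from the environment variable
#   patched         - the child bash ignored the trailing code
#   bash-not-found  - no bash on PATH, so the flaw cannot apply here
shellshock_check() {
    command -v bash >/dev/null 2>&1 || { echo "bash-not-found"; return 0; }
    # x holds a function definition "() { :;}" followed by extra code.
    # Only an unpatched bash evaluates the extra "echo vulnerable" part
    # when it imports x; the -c command itself is harmless either way.
    out=$(env x='() { :;}; echo vulnerable' bash -c 'echo test' 2>/dev/null)
    case "$out" in
        *vulnerable*) echo "vulnerable" ;;
        *)            echo "patched" ;;
    esac
}

# Run the check when the script is executed directly.
shellshock_check
```

Run it on each host after patching; any host that still prints "vulnerable" needs its bash package updated and affected services (web servers, cron, SSH) restarted.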

Notice to clients who use Amazon/AWS

Amazon is going to be proactively rebooting ALL AWS instances between September 26, 2014, at 2:00 UTC/GMT (September 25, 2014, at 7:00 PM PDT) and September 30, 2014, at 23:59 UTC/GMT (September 30, 2014, at 4:59 PM PDT). They have not stated what ‘bug’ they are fixing at this point and do not intend to do so until all of the reboots have been completed. This is a very large scale effort, and one Amazon has decided is necessary due to the severity of the bug.

Reports indicate that all instances will be affected, with the exception of the T1, T2, M2, R3, and HS1 instance types.

For more information see the links below; notices should also be visible within your AWS Console.
http://www.zdnet.com/aws-users-fret-over-downtime-ahead-of-amazons-massive-ec2-reboot-7000034041/

http://www.networkworld.com/article/2687974/cloud-computing/amazon-readies-for-major-reboot.html

• If you are a Pythian client, please contact your team lead immediately to coordinate patching your systems.
• If you are not a Pythian client: Pythian offers a rapid response team that can rectify these sorts of situations and can help harden your systems to prevent exploits. To engage Pythian, please email info@pythian.com.

Paul Vallee, CEO – Pythian
