Update: Bash Shellshock Security Bug

Don Miller

bTrade issued a press release earlier this week in response to the widespread concern about the Bash Shellshock security flaw. We felt it was important to let our customers know that bTrade’s solutions are not vulnerable to this bug. We also felt that it was urgent to give MFT Nation readers as much information as quickly as possible, so we have created the following blog on what we know to date.

What is Shellshock?

On September 24, 2014, European security researcher Stéphane Chazelas discovered and disclosed a critical vulnerability in the command-line shell known as Bash, the most widely deployed shell for UNIX-based systems. Bash is a free software system that has been around since 1989. The Bash Shellshock bug affects UNIX, Linux, BSD, OS X and other UNIX derivatives. As a measure of the potentially crippling nature of this bug, the U.S. government has rated this security flaw 10 out of 10 for severity. Detailed descriptions of the bug can be found under CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187.

How does it make companies vulnerable?

The Bash bug allows an attacker to perform the same commands as a legitimate user. Many web servers use Bash to process certain commands, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands. This allows hackers to take control of a vulnerable machine, steal data, shut down networks and cause other problems. For a more technical look inside Shellshock, please visit the McAfee Blog Central post here.

What can companies do to protect themselves?

bTrade’s Vice President of Engineering, Clifton Gonsalves, offered this suggestion:

“We believe that the target of this vulnerability would be the public facing web servers and any other systems which may process user inputs both directly and indirectly. We highly recommend that our customers get their operating systems patched as soon as possible.”

So, we recommend that IT security personnel obtain the latest patches from their vendor and upgrade their OS software to the latest version. For more information on the patches that are available, or to determine whether your systems are vulnerable, visit Red Hat’s Shellshock Vulnerability Detector. It will be a top priority for IT security personnel to close any holes in their systems that would leave them vulnerable and allow hackers to penetrate internal systems. It will also be important to make sure that all passwords on your network, and for any security products, have been changed.
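As an added example (not part of the original post and not bTrade's or Red Hat's own tooling), the script below is one way to check each Bash binary on a host you administer for the first of the issues listed above, CVE-2014-6271. It does not test for the follow-up CVEs, so a "not vulnerable" result still needs to be confirmed against your vendor's patched package version. The marker string and function names are constructed for this example.

```shell
#!/bin/sh
# Added example: local self-check for CVE-2014-6271 (names below are hypothetical).
MARKER=SHELLSHOCK_MARKER   # constructed string; only a vulnerable bash prints it

# check_bash PATH: prints a verdict and returns
# 0 = not vulnerable, 1 = vulnerable, 2 = binary missing, 3 = inconclusive.
check_bash() {
    shell_path=$1
    [ -x "$shell_path" ] || { echo "missing"; return 2; }
    # Start the shell with a clean environment holding one variable whose value
    # looks like a function definition followed by an extra command. A patched
    # shell treats the value as plain data, so only "ok" is printed.
    out=$(env -i probe="() { :;}; echo $MARKER" "$shell_path" -c 'echo ok' 2>/dev/null) || true
    case $out in
        *"$MARKER"*) echo "vulnerable"; return 1 ;;
        *ok*)        echo "not vulnerable"; return 0 ;;
        *)           echo "inconclusive"; return 3 ;;
    esac
}

# Check every bash the system offers: the one on PATH plus any in /etc/shells.
# Returns non-zero if any binary is not reported as "not vulnerable".
scan_bash_binaries() {
    overall=0
    candidates=$( { command -v bash || true
                    grep -E '/bash$' /etc/shells || true; } 2>/dev/null | sort -u )
    for candidate in $candidates; do
        verdict=$(check_bash "$candidate") || overall=1
        printf '%s: %s\n' "$candidate" "$verdict"
    done
    return $overall
}

scan_bash_binaries || echo "at least one bash binary needs attention: apply your OS vendor's patch"
```

Run it on each server that exposes Bash to user input, and re-run it after patching to confirm the result changed.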

Remain Vigilant and Invest in Appropriate Technologies

We would like to take the opportunity to remind everyone, customers and non-customers alike, of the importance of data security in our day-to-day lives. With growing security threats affecting global organizations, enterprises need to be vigilant and invest in appropriate technologies to address these serious challenges.

bTrade Can Help

To learn more about bTrade, or if you have questions or need assistance on ways to protect your enterprise network, please contact our data security experts at info@btrade.com.