Shellshock, “bash bug” and your website hosting environment

If your website is built upon Linux or Unix hosting then it could be at risk from the so-called Shellshock or “bash bug”. The hole in bash was noted on Wednesday, 24 September, 2014, and has been named “CVE-2014-6271: remote code execution through bash” by SecList. The threat level for this has been set at 10, its highest threat level.

Now, just for clarity, Shellshock / Bash Bug is a hole which has existed for 25 years, affecting Unix and Linux systems including Mac OS X. In fact, I even did a quick check to see if it affected my 1990 Commodore Amiga 500 just to prove that point, but that’s an aside. The fact is, it’s pretty widespread; however, the conditions required to effect an attack are fairly specific, so you can avoid immediate panic.

Shellshock is one of the most prolific security flaws discovered in recent times, since it has the potential to affect a vast majority of web servers through Apache. Note that I used the word ‘potential’: the reason is that in order for an attacker to gain access to your system they would need to be able to insert a malicious environment variable into a pre-running program that happened to have been spawned by the bash environment or a sub-command that uses bash. Breaking that down a level, what that means is you would need to inject some code into a bash program, and the most likely candidates would be diagnostic CGI scripts and PHP scripts running in CGI mode that call out to system().

If you are a website owner hosting with a third party, then unless you have a virtual server that you have created yourself it is unlikely you will be able to do much; it will be your web host’s responsibility to get the latest bash patches. Take a look at any PHP scripts that run as CGI, and keep your software and site as up to date as possible. If you don’t have a backup of your site, now would be a good time to get one, and if that site is WordPress then a tool like BackWPup is one of the best solutions I know of. The reason is that if you are on a shared hosting platform, all it could take is one account unassociated with you to be compromised and your site then becomes vulnerable because of sharing the same server environment.

Some actions to take if you are responsible for a web hosting environment
So if you run Apache on your servers and run PHP and CGI scripts, things like cPanel’s /cgi-sys/defaultwebpage.cgi, then take a look at any PHP or CGI scripts that call system() and assess how necessary and secure they are; silo them if they aren’t completely necessary. Use a port scanner like masscan to look for Telnet, FTP or older versions of Apache. These are the things that should come as highest priority to patch or disable.
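
An added example (not from the original post) of the script review suggested above: a shell function that lists files under a web root whose interpreter line is bash or sh, plus PHP files that call a process-spawning function. The function name, the output labels, the PHP function list and the /var/www path in the usage comment are assumptions chosen for illustration; every hit still needs a manual look.

```shell
#!/bin/sh
# Added example: list scripts under a web root that can hand work to a shell.
# Usage: audit_shell_callers /var/www   (path is an assumption; use your docroot)

# PHP functions that start a shell or child process (illustrative list).
# The leading group stops names such as curl_exec() from matching.
PHP_SHELL_FUNCS='(^|[^[:alnum:]_])(system|exec|passthru|shell_exec|popen|proc_open)[[:space:]]*\('

audit_shell_callers() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    # 1. Files whose interpreter line is bash, or sh (which is bash on many
    #    distributions), whatever their extension.
    find "$root" -type f | while IFS= read -r f; do
        first=$(head -n 1 "$f" 2>/dev/null | tr -d '\000')
        case $first in
            '#!'*bash*|'#!'*/sh|'#!'*/sh' '*) echo "SHELL-SCRIPT $f" ;;
        esac
    done

    # 2. PHP files that call one of the process-spawning functions.
    #    Method calls like $pdo->exec() also match; treat hits as a review list.
    find "$root" -type f -name '*.php' -exec grep -lE "$PHP_SHELL_FUNCS" {} + 2>/dev/null |
        while IFS= read -r f; do echo "PHP-SHELLOUT $f"; done
}
```

Each output line is a label followed by a path, so the result can be sorted or diffed between runs to spot newly added scripts.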