vertner.net

Bashing the Latest Bug


Well, it’s time for another possibly-disastrous exploit. This one affects all systems that run the GNU Bourne Again Shell, affectionately known as Bash, which is found in OS X and most flavors of Linux.

The bug, discovered by Stéphane Chazelas, is mostly a concern for internet-facing servers that process web requests, secure shell, telnet, or any other programs that execute Bash scripts. It’s currently unknown just how many servers may be at risk or in just what ways the bug might be exploited by malicious software. Bash is embedded in so much networking hardware for administration purposes that it’s hard to even nail down just how much is vulnerable.

An easy way to test to see if your Bash is vulnerable is to pop open a terminal window and enter the following:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the system is vulnerable, the output will be like this:

[Screenshot of the terminal output: This is vulnerable as all hell]

Otherwise, it will return an error and a warning.
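
To run the same check against every copy of Bash on a machine rather than only the one on your PATH, here is an added example that is not part of the original post. The function names and the use of /etc/shells to find Bash binaries are assumptions of the example.

```sh
#!/bin/sh
# Added example (not from the original post): the page's one-line probe,
# wrapped so it can be run against every bash binary on a host.

# Classify the probe's stdout. A vulnerable bash runs the trailing command
# while importing the variable, so a line reading exactly "vulnerable"
# appears ahead of the expected "this is a test".
classify_probe_output() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo vulnerable
    elif printf '%s\n' "$1" | grep -qx 'this is a test'; then
        echo patched
    else
        echo unknown    # bash did not run, or printed something unexpected
    fi
}

# Run the probe from the page against one bash binary ($1).
# stderr is dropped because a patched bash may print its complaints there.
probe_bash() {
    [ -x "$1" ] || { echo missing; return 0; }
    out=$(env x='() { :;}; echo vulnerable' "$1" -c 'echo this is a test' 2>/dev/null) || true
    classify_probe_output "$out"
}

# Probe each distinct bash: entries in /etc/shells plus the one on PATH.
scan_bash_binaries() {
    {
        if [ -r /etc/shells ]; then grep -E '/bash$' /etc/shells || true; fi
        command -v bash || true
    } | sort -u | while IFS= read -r shell; do
        printf '%s\t%s\n' "$shell" "$(probe_bash "$shell")"
    done
}

scan_bash_binaries
```

Each output line is a path and a verdict separated by a tab, so any line ending in "vulnerable" names a binary that still needs the update.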

In any case, update any system you have running a Linux-based OS aggressively in the days to come. Most major Linux distros have updated their repositories with a fix, though there has been no word on when Apple will issue a patch for OS X or iOS.

Hopefully it will be on par with the Heartbleed bug from earlier this year: a massive but temporary gap that system administrators respond to quickly.
