Shellshock – Apple and Linux operating systems are vulnerable


You may have heard about the recently identified Shellshock vulnerability in the media.

The vulnerable component is the Bash shell, which is found in Linux distributions. This issue also extends to Apple computers and portable devices.

 

Security specialists have given this vulnerability a high severity rating because it is relatively easy to exploit and would provide a remote attacker with direct access to a system or server.

 

If you own Apple computers and portable devices…

Read apple-says-os-x-is-safe-from-shellshock-i-however-am-skeptical which helps to provide some perspective.

Update your OS X / iOS operating system to the latest version released by Apple (your device will likely let you know when you need to do this).

On another matter, if you use an iPad or iPhone to study with us, you should read this post too – Seeing a [blank] lesson page? – How to view lessons on iPads and iPhones or add flash to your browser

 

If you operate Linux servers within your organisation…

Note: many Network Attached Storage (NAS) devices and other devices around the home network operate using Linux platforms…

Do the following:

  1. Call up a Terminal window on your server, and type in this line of code at the $ prompt:

    env x='() { :;}; echo vulnerable' bash -c 'echo hello'

    If your system is vulnerable, then you will see this:

    vulnerable

    hello

    If it is not vulnerable you will see this:

    bash: warning: x: ignoring function definition attempt

    bash: error importing function definition for `x'

    hello

  2. Verify whether your operating system is based on one of the Linux kernel versions ranging from 2.6.31 to rc3, on the current stable version
    3.14.3, or on the mainline version 3:15 – rc5. The following command shows which kernel version is installed on your system:

    uname -a

  3. If you are using one of the versions listed above, you should perform an update at the earliest opportunity, for example using apt, yum or zypper, depending on your system.
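
A server can carry more than one copy of Bash, so the test from step 1 is worth running against each of them. The script below is an added example, not part of the original post: it runs that same test against every `bash` found on the PATH or listed in /etc/shells and classifies the result from standard output only, since the warning text differs between Bash builds. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: apply the step-1 Shellshock test to every bash binary found.

# Classify the stdout of the test command (stderr is discarded by the caller).
classify_output() {
    case "$1" in
        *vulnerable*) echo "vulnerable" ;;      # injected echo was executed
        hello)        echo "not vulnerable" ;;  # only the intended command ran
        *)            echo "unknown" ;;         # shell missing or did not run
    esac
}

# Run the test from step 1 against one shell binary given as $1.
check_shell() {
    # x holds a function definition followed by an extra command; a vulnerable
    # bash runs that extra command while importing the variable.
    out=$(env x='() { :;}; echo vulnerable' "$1" -c 'echo hello' 2>/dev/null) || true
    classify_output "$out"
}

# List candidate bash binaries: every "bash" on PATH plus /etc/shells entries.
find_bash_binaries() {
    {
        IFS=:
        for dir in $PATH; do
            [ -x "$dir/bash" ] && echo "$dir/bash"
        done
        [ -r /etc/shells ] && grep '^/.*/bash$' /etc/shells
    } | sort -u
}

# Print one "path: status" line per binary.
report() {
    find_bash_binaries | while read -r shell; do
        printf '%s: %s\n' "$shell" "$(check_shell "$shell")"
    done
}

report
```

Any line ending in "vulnerable" without the "not" identifies a binary that still needs the update from step 3.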

 

An update may be impossible on older versions of the operating system. If you do have any questions, please contact your server administrator.

 

The following link provides a robust description of this vulnerability:

http://www.ibtimes.co.uk/what-shellshock-os-x-linux-bash-bug-that-could-be-bigger-heartbleed-1467201

 

 
