Have any question?

Text or Call (954) 573-1300

Blog

LSeven Solutions Blog

LSeven Solutions has been serving the Fort Lauderdale area since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Alert: Don’t Get Hit with Shellshock by the New Bash Bug

b2ap3_thumbnail_alert_bash_bug_400.jpgA new malicious threat in the technical marketplace has just been discovered. The bug, dubbed the Bash bug, or "shellshock," is on the loose for users of Unix-based operating systems, like Linux or Mac OS X. It allows the execution of arbitrary code on affected systems, and could potentially be very dangerous for your business. In fact, CNet is calling it "bigger than Heartbleed."

Bash, which is commonly referred to as "Bourne again shell," is a staple feature of most utilities in Unix-based operating systems. RedHat's official security blog details the nature of the bug in the Bash shell:

In Linux, environment variables provide a way to influence the behavior of software on the system. They typically consist of a name which has a value assigned to it. The same is true of the Bash shell. It is common for a lot of programs to run bash shell in the background. It is often used to provide a shell to a remote user (via ssh, telnet, for example), provide a parser for CGI scripts (Apache, etc) or even provide limited command execution support (git, etc).

The problem is found in the environmental variables with specific values being used before the bash shell is summoned. These variables can contain code which is executed as soon as the bash shell is called. The name doesn't matter, so the content could be disguised as another, non-malicious variable. The most concerning vulnerability this bug provides is the ability for remote users to execute malicious code before the bash shell is activated.

Attacks have already been reported utilizing this vulnerability for a number of functions, including denial of service attacks and password-guessing bots, which randomly input poor password choices on unprotected servers. Researcher Robert Graham has located at least 3,000 systems vulnerable to the bug with a fairly specific search, and it is estimated that several times more machines could be vulnerable to this bug. This makes the threat very real, and if you use Linux or Mac OS X, your business's networks and data are at risk.

The threat is such a big deal that the United States Computer Emergency Readiness Team (US-CERT) has warned the public to download the patch before it infects their systems. To put it in perspective, the last vulnerability to make "Alert" status was the Backoff Point-of-Sale malware discovered in late July this year, which was able to steal sensitive information through sales terminals across the world.

While a patch has been released, it doesn't fix all vulnerabilities presented by the bug. However, it is still recommended by RedHat that you acquire the partial patch until the complete one has been issued. For help acquiring the patch, call L7 Solutions at (954) 573-1300. We'll apply it remotely so you have to worry as little as possible.

Tip of the Week: How to Reorganize Your IT Infrast...
Are You Sure Your Former Employees Won’t Stab You ...
 

Comments

No comments made yet. Be the first to submit a comment
<br />
<b>Warning</b>:  Attempt to read property /home/l7solutions/public_html/templates/ati/html/com_easyblog/comments/form.php on line 20
Guest"/>
Already Registered? Login Here
Thursday, 21 November 2024

Warning: Undefined variable $registration in /home/l7solutions/public_html/templates/ati/html/com_easyblog/comments/form.php on line 57

Warning: Undefined variable $registration in /home/l7solutions/public_html/templates/ati/html/com_easyblog/comments/form.php on line 91

Captcha Image

Customer Login

Customer Feedback

News & Updates

If you feel like you have too many browser tabs open at any given time, then you'll be happy to know that you can sometimes save certain browser tabs as a standalone application on your device. This will give them their own icon and make accessing th...

Contact Us

Learn more about what L7 Solutions can do for your business.

L7 Solutions
7890 Peters Road Building G102,
Plantation, Florida 33324