Shellshock BUG: just 4 fun with netsparker
Well, I thought I'd explore a current issue, so let's talk about ShellShock.
Recently, security experts disclosed the discovery of a bug that affects Linux systems using Bash, the shell that is quite popular on *nix systems such as Linux and Apple's OS X.
Stephane Chazelas, a free software enthusiast, discovered the flaw.
Look for CVE-2014-6271.
The vulnerability is globally known as Shellshock, a reference to the environment the bug affects: the shell (used for interacting with the operating system through commands). The shell in question is Bash, an acronym for Bourne Again Shell.
Bash is currently the most common shell in use and is installed on most Linux servers in the world. The flaw allows an unauthorized person to remotely execute commands on affected machines. Given how widely Bash is used, from servers to embedded systems (cameras, routers, commercial terminals), the potential for harm is as huge as that of Heartbleed, another flaw found in OpenSSL earlier this year.
The National Institute of Standards and Technology of the USA assigned Shellshock a score of 10, the maximum on the scale, in terms of severity, impact and exploitability, and to make matters worse the same agency rated the flaw as low complexity, which means it can be exploited easily.
- Protection: apply the patch and upgrade Bash on all servers that run Linux.
- Besides updating the servers, it is important to monitor all activity and take all appropriate measures to ensure the safety of websites, email and other data stored on your company's servers.
- Keep scripts updated: always take care to update all other software (such as WordPress, Joomla, or anything else you use) to the latest version available.
- Use updated software: it is important to use the latest version, since software is often updated solely to ship a security fix.
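A check to confirm that the upgrade actually took effect on a host, as an added example that is not part of the original article: it asks the local bash whether it still runs a command appended to an exported function definition (the behaviour CVE-2014-6271 fixes) and reports PATCHED or VULNERABLE. The bash paths tried in the final loop are assumptions; adjust them for your hosts.

```shell
#!/bin/sh
# Added example (not from the original article). Run on your own servers after
# patching to verify that the installed bash no longer has CVE-2014-6271.

# Classify the probe output. A fixed bash prints only the marker line;
# an unpatched bash additionally prints the word "vulnerable" before it.
classify_shellshock_output() {
    case "$1" in
        *vulnerable*) echo "VULNERABLE" ;;
        *marker*)     echo "PATCHED" ;;
        *)            echo "UNKNOWN" ;;
    esac
}

# Probe a given bash binary (default: the one on PATH). The exported variable
# holds a function definition followed by an extra command; a patched bash
# ignores everything after the closing brace. Returns 0 only when patched.
check_bash_shellshock() {
    bash_bin="${1:-bash}"
    if ! command -v "$bash_bin" >/dev/null 2>&1; then
        echo "NO_BASH"
        return 2
    fi
    out=$(env probe='() { :;}; echo vulnerable' "$bash_bin" -c 'echo marker' 2>/dev/null)
    status=$(classify_shellshock_output "$out")
    echo "$status"
    [ "$status" = "PATCHED" ]
}

# Report for each bash path worth verifying on this host (assumed paths).
for b in bash /bin/bash; do
    printf '%s: ' "$b"
    check_bash_shellshock "$b" || true
done
```

A non-zero exit from check_bash_shellshock is what you want to alert on in fleet-wide checks, since it means the host still needs the patch.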
Netsparker is a Web Application Security Scanner that can find and report web application vulnerabilities such as SQL Injection and Cross-site Scripting (XSS), as well as other security issues, on all web applications and websites regardless of the platform and technology they are built on.
Netsparker is very easy to use, and its unique detection and safe exploitation techniques allow it to be dead accurate in reporting; hence it is the first and only False Positive Free web vulnerability scanner. Users can therefore focus on remediating reported vulnerabilities and security issues without wasting time on learning how to use the web vulnerability scanner or on verifying its findings.
Article by Rafael Fontes Souza.