Skip to content

Gotham Security Threat Alert – SHELLSHOCK

by on September 25, 2014

September 25, 2014- CERT-UK Update BASH Vulnerability AKA SHELLSHOCK Announcement CVE-2014-6271 and CVE-2014-7169.

Please see the article for full details including a testing procedure.

  1. Overnight a vulnerability was announced in the computer program ‘bash’ (ref CVE-2014-6271). This vulnerability enables unauthenticated users to run arbitrary commands, and in some configurations remote code execution is possible. This has been scored the highest possible threat ratings by independent security research bodies, including NIST, for both impact and exploitability.
  1. Bash is a standard program installed on most machines running non-Windows operating systems as standard including, but not limited to, Unix, Linux, MacOS and many embedded architecture devices. The affected versions go back to bash 1.14 which was first released in ~1995. Unlike the Heartbleed vulnerability which affected only openssl (an additional program that only certain users actually implemented), SHELLSHOCK is likely to affect a much wider community.
  1. CVE-2014-6271 has a working patch for most distributions (more details in the below Advisory link), however there are reports that the patch is not a complete fix and so a further vulnerability ID has been established (CVE-2014-7169). There is the potential that the increased focus on bash will lead to further vulnerabilities being discovered in the coming days. This follows a recent trend of security researchers to identify vulnerabilities in hitherto trusted applications.
  1. The real-world impact of this vulnerability depends greatly on the systems on which they are deployed. However, due to the common usage of *nix systems as servers in network environments it should be assumed that most server-based architectures are affected. This will inevitably include organisations that are part of the CNI. As such, all organisations that make use of *nix-based environments should pay particular attention to the patching requirements and other mitigation steps.

This vulnerability has the ID CVE-2014-6271, and has been given an Exploitability score of 10.0 – the same as Heartbleed

Check Point has published a response that they are aware and researching, as follows.


From → Security

Comments are closed.

%d bloggers like this: