Shortly after the disclosure of the “Bash” bug called “Shellshock”, Kaspersky Lab indicated that it saw first attempts by criminals to take advantage of this widespread vulnerability also known as CVE-2014-6271.
The critical vulnerability in the Bourne shell, simply known as ‘Bash’, is present in most Linux and UNIX distributions and Apple’s Mac OS X. The ease with which it can be exploited and high impact this action may have should be noted. An attacker can simply execute system level commands, with the same privileges as the affected services. The vulnerability has just recently been discovered, and IT administrators are being urged to patch immediately.
In most of the examples on the Internet currently, attackers are remotely attacking Web servers hosting CGI scripts that have been written in bash or pass values to shell scripts. The vulnerability has already been used for malicious intentions – infecting vulnerable Web servers with malware, and also in hacker attacks. Kaspersky Lab’s researchers are constantly gathering new samples and indications of infections based on this vulnerability.
Says David Jacoby, senior security researcher at Kaspersky Lab; “This vulnerability allows an attacker to perform remote command execution attacks on a wide range of servers using the Bash shell. One example is Web servers using CGI-scripts to generate dynamic Web site content. Unfortunately, use of this shell is widespread – it is used in many server products, including those powering Web sites.
“The real scale of the problem is not yet clear. It’s almost certain that hackers and security researchers are testing Web services and Linux software right now and the results of these tests will probably be published in the coming days.
“The good news is that vendors of some of the most popular products affected by the vulnerability have already prepared patches that could at least partially eliminate the problem. Now it is up to administrators managing vulnerable systems as to how quickly they react and update vulnerable software.”