Linux and Mac Users Shellshocked from BASH Vulnerability

September 26, 2014 | By Kevin Judge

Linux and Mac OS X users need to be aware that a critical flaw in the “Bourne Again Shell” (Bash), the shell that processes commands, may allow remote attackers to execute arbitrary code. The vulnerability is being referred to as “Shellshock” and is being taken very seriously. Homeland Security and the Federal Financial Institutions Examination Council (FFIEC), among others, have issued urgent alerts on Shellshock.

Bash is often used as the default desktop and server shell for entering commands. Windows users can think of it as the DOS command box. The flaw can affect both desktop and server users, but the potential danger for servers is clearly higher.

This flaw allows attackers who can supply specially crafted environment variables containing arbitrary commands to have those commands executed on vulnerable systems. It is especially dangerous because the Bash shell is so widely used and can be called by an application in numerous ways. Homeland Security has rated this as “high impact” with a “low skill level” required to exploit.

Many UNIX-like operating systems, including Linux distributions and Apple Mac OS X, include Bash and are likely to be affected.

Bash is frequently used on Linux and Unix web servers, which could leave web applications extremely vulnerable to attack. Major Linux vendors have released patches that fix this vulnerability for affected versions.
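To confirm that a vendor patch has actually taken effect on a host, the environment-variable behaviour described above can be checked locally. The script below is an added example, not part of the original article; the function names, the variable name `probe` and the marker string are choices made for this example.

```shell
#!/bin/sh
# Added example: does a given bash run a command that trails a function
# definition supplied in an environment variable?

MARKER="ENV_CMD_RAN"   # harmless marker string, constructed for this check

# check_bash PATH -> prints "missing", "vulnerable" or "patched"
check_bash() {
    shell_path=$1
    if [ ! -x "$shell_path" ]; then
        echo "missing"
        return 0
    fi
    # Start the shell with an otherwise empty environment holding one probe
    # variable (the name "probe" is arbitrary). Its value looks like an
    # exported function followed by an extra echo. A vulnerable bash runs
    # that echo while importing its environment, before the -c command;
    # a patched bash treats the value as plain text.
    out=$(env -i probe="() { :;}; echo $MARKER" \
          "$shell_path" -c 'echo done' 2>/dev/null) || true
    case $out in
        *"$MARKER"*) echo "vulnerable" ;;
        *)           echo "patched" ;;
    esac
}

# scan_shells: check the bash on PATH and every bash listed in /etc/shells.
# Returns 1 if any of them is vulnerable, 0 otherwise.
scan_shells() {
    candidates=$(command -v bash 2>/dev/null) || true
    if [ -r /etc/shells ]; then
        listed=$(grep -E '/bash$' /etc/shells) || true
        candidates="$candidates $listed"
    fi
    status=0
    for b in $(printf '%s\n' $candidates | sort -u); do
        result=$(check_bash "$b")
        printf '%s: %s\n' "$b" "$result"
        if [ "$result" = "vulnerable" ]; then status=1; fi
    done
    return $status
}

scan_shells || echo "At least one bash above still needs the vendor patch."
```

A host can carry more than one copy of Bash, which is why the scan covers every entry in `/etc/shells` and not only the one on `PATH`.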



    E.cryptid September 30, 2014 at 5:41 pm

    Are Android OS mobiles also affected?

      Kevin Judge September 30, 2014 at 5:57 pm

      I have read that it is possible because Android is a Linux based OS, but I do not know how likely it is that BASH would be on a mobile device.

        Ecryptid October 1, 2014 at 4:31 pm

        I did a bit of research and it appears Android OS uses an alternative to bash or it’s not run in an unsafe manner. A bit of a grey area I guess.

          Kevin Judge October 1, 2014 at 4:54 pm

          It is my understanding that this is being viewed first as a server vulnerability.
          Desktops and Android devices could be vulnerable in some situations, but only if the server is infected first and the hackers use their control to reconfigure BASH.

          The safest thing is to watch for updates from the vendor and make sure you apply them.

