All news related to Sangfor, our Products, our Events, etc.You can also follow our social media accounts such as Facebook, Twitter, etc. for more updates about Sangfor.

“Shellshock” Bash Vulnerability

On September 24th 2014, a Bash vulnerability, referred to as “Shellshock” or the "Bash Bug" was discovered. The Bash vulnerability allows remote attacks to execute arbitrary code on vulnerable systems (given certain conditions), which can download malwares or wrecks all kind of havoc to the systems such as implanting back door, getting user privileges and accessing files & personal data.

Many experts are saying that this threat is more serious than Heartbleed with more than 500 million computers that could be infected.

A detailed description of the bug can be found at CVE-2014-6271 and CVE-2014-7169.

A. Why Shellshock is so dangerous?

1) Bash is widely adopted in non-Windows systems, particularly used in IT servers & systems. The vulnerability is putting all systems with Bash shells that can be accessed remotely at risk:

• Apache HTTP Servers that use CGI scripts (via mod_cgi and mod_cgid) that are written in Bash or launch to Bash subshells
• Certain DHCP clients
• OpenSSH servers that use the ForceCommand capability
• Various network-exposed services that use Bash

2) You do not need to be an expert to perform an exploit.

3) Possibility of more vulnerabilities derived from this Bash vulnerability could be discovered any time. There might be more vulnerabilities all the way down in the bash code and hackers are striving to find them.

B. What actions should I take?

1) Apply patches to the vulnerable systems.

2) Shut down the infected services if necessary or when a patch is not available.

3) If there is an IPS in place, keep the IPS rules updated to get protection.

4) Deploy security devices to ensure timely protection against current, emerging and possible vulnerabilities.

C. How can SANGFOR NGFW help?

1) SANGFOR has released the IPS rule (ID: 12030512) to protect our NGFW users from these vulnerabilities exploits.

2) Reports are available on SANGFOR NGFW to show where the intrusions are coming from and which of your systems contain the vulnerabilities and need to be fixed.

3) In the unfortunate scenario where your system is already infected, SANGFOR NGFW APT module will pinpoint those infected with malware and stop their malicious connections to any external network.

4) The SANGFOR security team are monitoring and researching on the possibility of further discovery related to the Bash vulnerability to ensure that protection measures can be issued in time.

Contact SANGFOR for more security advices or ask for a free trial for a faster and better protection.

Our Social Networks

Global Service Center: