Bash and grab – Linux exploit bug may be more widespread than Heartbleed

25 Sep 2014

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Only months after news of the Heartbleed bug’s existence, a new Linux security vulnerability known as the Bash bug could potentially be more widespread and unfixable than Heartbleed.

The bug, which is more than 25 years old, exists within the Linux operating system in a utility known as the Bash shell, which is found on most Linux systems.

If exploited, the bug could have serious ramifications for companies with a significant digital presence.

In a post explaining the bug on Red Hat’s blog, many websites use the Bash shell to run in the background to run scripts and limited command execution within the operation, but with the introduction of a line of malicious software, the harmful code can worm its way through PCs and Macs and take over a company’s or individual’s operating system.

The security dangers and vulnerability of people’s personal and company information is obvious, but according to CNet and Robert Graham of Errata Security, this bug arguably makes it ‘bigger than Heartbleed’, simply because of the prevalence of the shell across the tech world.

For most software, ‘you’re likely screwed’

The Bash shell is so widely used that an attempt to catalogue every single piece of software containing the bug is simply too big to handle, particularly with older devices.

However, there is some minor respite for companies, as Graham says most primary servers will be largely unaffected, but companies need to undertake a thorough check on every other piece of software.

“There’s little need to rush and fix this bug. Your primary servers are probably not vulnerable to this bug.

This is the only piece of good news, as Graham elaborates further: “However, everything else probably is. Scan your network for things like Telnet, FTP, and old versions of Apache.

“Anything that responds is probably an old device needing a bash patch. And, since most of them can’t be patched, you are likely screwed.”

Linux code image via Shutterstock

66

DAYS

4

HOURS

26

MINUTES

Buy your tickets now!

Colm Gorey is a journalist with Siliconrepublic.com

editorial@siliconrepublic.com