Published on September 26th, 2014 | by Admin
Vendor solutions to Bash Bug only a partial fix: Bitdefender
Bogdan Botezatu, Senior E-Threat Analyst at Bitdefender suggests while most operating system vendors have already issued a partial fix to make attacks more difficult to implement, this is not a complete fix but rather a barrier to buy vendors more time to find a universal solution.
“A significant part of the Internet is running a Linux or UNIX-based version of an operating system that includes the bash shell. These UNIX-based web servers often run CGI scripts that rely on bash for functionality, therefore any attack against these scripts could result in exploitation and subsequently, could allow a hacker to remotely own the machine,” says Mr Botezatu.
“Additionally, attacks against web servers are very easy to implement and carry. The typical attack scenario involves an automated tool that tries to access CGI scripts and pass the environment variable as User-Agent (a string that tells the webserver what type of browser is being used on the other end so that the server knows how to format data before sending it).”
Bogdan advises that workstations (such as Mac OS X computers) and embedded Linux devices can also be subverted via bash attacks if specific prerequisites are met i.e. the attacker resides on the same network as the victim device.
It is recommended that those with vulnerable systems update the operating system immediately and then check back to see if there is a complete fix available.