There was a lot of talk today about the Shellshock Bash bug, discovered yesterday. Of course, once such a vulnerability is known to the general public, web servers worldwide are at greater risk, since from this point on, hackers will try their luck on as many machines as possible.
We confirm that all WebPal Cloud Servers were patched with the necessary security upgrades once these patches became available and that at this point, applications in the WebPal Cloud are safe from exploitation of this vulnerability.
To learn more about this bug and how we are protecting WebPal Cloud Servers from vulnerabilities like this one, contact us anytime at email@example.com or call us at 1-866-360-0360.
More about the Shellshock Bash Bug
The vulnerability affects a popular piece of software called Bash, short for Bourne Again Shell, a command-line shell present in the Unix-based operating systems, such as Linux and Mac OS X, that many systems are built on. In short, the bug may allow attackers to take control of these operating systems and execute code remotely.
Although the vulnerability is being compared to the Heartbleed OpenSSL bug and has been given the highest rating on the Common Vulnerability Scoring System (CVSS), security experts are saying it may be harder to exploit. According to Rapid7 Security, “in order to exploit this flaw, an attacker would need the ability to send a malicious environment variable to a program interacting with the network and this program would have to be implemented in Bash, or spawn a sub-command using Bash.”
What this means is that even if Linux-based web servers are affected by the vulnerability, exploitation requires a combination of poorly coded web application code (which does not verify user parameters passed to system calls) and an unfortunate choice of Bash as the command for system-level functions.
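One way to remove the condition Rapid7 describes, shown as an added example that is not WebPal's code: start helper programs without a shell and with an allowlisted environment, so request-derived variables never reach Bash. The names `SAFE_ENV_NAMES`, `build_child_env` and `run_helper`, the use of `/usr/bin/env` as the helper, and the sample request values are assumptions made for illustration.

```python
import subprocess

# Assumption: the helper only needs these variables. Anything else, including
# request-derived values (a CGI server exports headers as HTTP_* variables),
# is dropped before the child process starts.
SAFE_ENV_NAMES = ("PATH", "LANG", "TZ")


def build_child_env(parent_env, allowed=SAFE_ENV_NAMES):
    """Copy only allowlisted variables from parent_env into a new dict."""
    return {name: parent_env[name] for name in allowed if name in parent_env}


def run_helper(argv, parent_env):
    """Run argv directly (no /bin/sh or bash in between) with a minimal
    environment and return its standard output."""
    if isinstance(argv, str):
        # A single command string invites shell parsing; require a list.
        raise TypeError("pass an argument list, not a command string")
    result = subprocess.run(
        list(argv),
        env=build_child_env(parent_env),  # child never sees client-set values
        shell=False,                      # exec the program itself
        capture_output=True,
        text=True,
        check=True,
        timeout=10,
    )
    return result.stdout


if __name__ == "__main__":
    # Constructed sample: the environment of a CGI-style request handler.
    request_env = {
        "PATH": "/usr/bin:/bin",
        "HTTP_USER_AGENT": "value-controlled-by-the-client",
        "QUERY_STRING": "file=report.txt",
    }
    # /usr/bin/env prints the environment the child actually received.
    print(run_helper(["/usr/bin/env"], request_env))
```

The allowlist matters even with `shell=False`, because a helper that is itself a Bash script would otherwise inherit every variable of the calling process.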