Skip to content ↓ | Skip to navigation ↓

The Bash Bug/ShellShock (CVE-2014-6271) vulnerability is proving to be as big if not bigger than the the Heartbleed vulnerability proved to be. Tripwire’s Vulnerability and Exposure Team (VERT) and supporting teams have been working to rapidly get tools into the hands of customers and the community to help mitigate the risks that this exploitable vulnerability poses.

Free Detection Script

Even if you are not a Tripwire customer, we wanted to provide a tool that users can use to test systems in their environment for the vulnerability. We have published a Python script on the Tripwire’s Github page that allows you to test for the vulnerability both locally and remotely.

Usage: shellshock_test.py [-h] [--path [PATH]] [--paths [PATHS]]
 [--target [TARGET]] [--targets [TARGETS]]
 [--spider [SPIDER]] [--url [URL]] [--log [LOG]]
 [--ssl [SSL]]
 {local,remote}

Additional information can be found on the Tripwire Github page.

Tripwire VERT & IP360 Coverage (Updated)

For Tripwire IP360 customers, Tripwire VERT is actively researching and investigating the many facets of the new ‘BashBug/ShellShock’ BASH vulnerability (CVE-2014-6271) since the news broke and has already delivered robust coverage in ASPL-582.

To find the BashBug/ShellScock vulnerability in your environment with Tripwire IP360, simply update to the latest ASPL release and run your scans as usual.”

In addition, the team has published remote and local checks for detecting ShellShock using Tripwire IP360 that can be deployed now. The rules and additional information are available here.

Tripwire Enterprise

Content is now available for Tripwire Enterprise customers to detect if systems are vulnerable. The content provides a Tripwire Enterprise rule to see if your Bash version is vulnerable and a Tripwire Enterprise policy test to evaluate the rule results to identify vulnerable nodes. This content is available to Tripwire Enterprise customers in the Tripwire Customer Center.