As you’re probably aware, a new vulnerability (CVE-2014-6271) was recently disclosed that affects Bash—a common shell used by most Linux/Unix distributions. This vulnerability, called “ShellShock” or “Bash Bug”, affects Linux/Unix systems, servers, embedded devices, even OS X and potentially mobile devices.
To put the severity of this vulnerability into context, we can recall the Heartbleed vulnerability back in April, which was rated a number 5 on the NIST CVSS score. ShellShock has been rated an impact score of 10, allowing unauthorized disclosure of information, modification and disruption of service.
After scanning your perimeter network services for vulnerabilities using a service like PureCloud Enterprise, it’s important to also identify which devices on your internal network are vulnerable to ShellShock, as they can easily be exploited by an insider threat or used to advance an attack laterally across the network.
Since ShellShock affects Unix and Unix-like operating systems, there are many devices that ShellShock can affect including firewalls, routers, switches, POS devices, tablets and smart phones.
To find the ShellShock vulnerability on your internal networks with Tripwire IP360, simply update to the latest ASPL release and run your scans as usual.
If you are not a Tripwire IP360 customer, you can use the free Tripwire SecureScan service to find ShellShock and remediate affected devices. Tripwire SecureScan provides free vulnerability scanning for up to 100 IPs and includes detection rules for ShellShock to uncover the vulnerability on internal networks.
Bashing the ShellShock Bug using Tripwire SecureScan
To find the ShellShock vulnerability in your environment:
- Sign up for a free Tripwire SecureScan account
- Setup the Secure Connector
- Run a vulnerability scan
After the scan completes, download the actionable report for a list of machines affected by ShellShock (as well as other vulnerabilities) and view the remediation steps.
In addition to Tripwire SecureScan, we also offer a free Python detection script on Tripwire’s Github page that allows you to test for the vulnerability.