VPN Articles and News

What Is the Shellshock Bug And Why Is It Dangerous?

By Paul Liu
Monday, November 17th, 2014

The Shellshock Bug is a newly discovered security vulnerability (i.e., software bug or software virus) that targets Bash (Bourne-Again SHell), the shell and command line interpreter used in many Unix, Linux, Mac OS and BSD operating systems. According to reliable reports, the vulnerability has been present in the Bash shell code for at least 20 years without getting detected by anyone. A lot of security experts consider Shellshock to be more dangerous than the OpenSSL Heartbleed vulnerability that caused a major security scare few months ago. As a matter of fact, the American National Vulnerability Database has rated the bug 10/10 highlighting the severity of the problem.

How Does the Shellshock Bug Work?

Shellshock allows attackers to execute malicious code remotely on machines that use the Bash shell. The bug takes advantage of a security glitch present in the processing of Environment Variables, the variables that get initialized during system startup and define control settings for many programs and system processes. By manipulating the variables, attackers can take control of a machine without even supplying a username/password and spread dangerous code from one computer to another. The scariest part is that the bug doesn’t require a lot of system knowledge or advanced tools so even novice hackers can use it to target other systems.

Security experts warn that millions of computers are at risk of getting infected by the Shellshock bug. While common sense says that only machines running the bash shell should get affected by the bug, in reality the vulnerability could be passed on to systems that do not use the Bash interpreter by default (such as Windows). The vulnerability could also spread to personal computers running on Linux, Mac or Unix that frequently connect to unsecured wireless networks (such as public Wi-Fi hotspots). Since a majority of web servers run on Linux and have Bash enabled, the vulnerability could spread real fast to all the corners of the globe. Security experts have already seen instances of the bug being used to target Web servers, DHCP clients, SSH and Browser plugins.

The Shellshock vulnerability could have a severe impact on the bottom lines of online businesses. Since the vulnerability could spread from web servers to clients, financial websites and ecommerce stores would need to evaluate whether their systems are vulnerable to the bug and patch it as soon as possible. The risk of not doing anything is too great since it could compromise the personal details of millions of customers and lead to significant downtimes and lost sales in the future.

How To Check If Your Computer Is At Risk?

If you use an Operating system that has Bash enabled, you should check whether your machine is at risk of getting infected immediately. Most vendors have already published details on how to test a system for the vulnerability so all you need to do to evaluate your system is run the code supplied by your vendor. Some vendors have even issued patches for the bug so if your vendor has already done so, install the patch as soon as possible. However, if your vendor has not yet issued an update related to the Shellshock bug, you should uninstall and stop using Bash till the time a patch is supplied by your vendor.