Shell Shock Rapid 7 Threatsweeper
By now, you may have heard about CVE-2014-6271, also known as the “bash bug“, or even “Shell Shock”, that may affect your organisation. It’s rated the maximum CVSS score of 10 for impact and ease of exploitability. The affected software, Bash (the Bourne Again SHell), is present on most Linux, BSD, and Unix-like systems, including Mac OS X. New packages were released today, but further investigation made it clear that the patched version may still be exploitable, and at the very least can be crashed due to a null pointer exception. The incomplete fix is being tracked as CVE-2014-7169.
How do you protect yourself?
The most straightforward answer is to deploy the patches that have been released as soon as possible. Even though CVE-2014-6271 is not a complete fix, the patched packages are more complicated to exploit. We expect to see new packages arrive to address CVE-2014-7169 in the near future. If you have systems that cannot be patched (for example systems that are End-of-Life), it’s critical that they are protected behind a firewall. And test whether that firewall is secure.
How can we help?
Pentura Threatsweeper service (Powered by Rapid7) has been updated with authenticated and remote checks for CVE-2014-6271. Checks for CVE-2014-7169 will follow as soon as they are verified.
If you have any questions, please contact the Pentura support team: firstname.lastname@example.org
The Pentura Team