Scan Your Perimeter Servers for Shellshock
Officially known as CVE-2014-6271, this vulnerability, cordially termed ShellShock, has been assigned the highest CVSS score of 10, a score that the notorious HeartBleed did not achieve. The high score is more than warranted. The vulnerability is very easy to exploit, allowing pretty much every script kiddie to take control of a vulnerable server and execute arbitrary code.
Shellshock, also known as Bashdoor, is a family of security bugs in the widely used Unix Bash shell. The vulnerability was first disclosed on 24 September 2014. Many Internet daemons and services, such as web servers, use Bash to process certain commands, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands and gain unauthorised access to a computer system.
Shellshock, dubbed the BIG BUG of 2014, is a vulnerability which was assigned the highest CVSS score of 10, a score that not even the notorious HeartBleed achieved. This Bourne-again Shell (Bash) vulnerability is very easy to exploit, allowing hackers to take control of a vulnerable server and execute arbitrary code.
Ensure that none of the organisation’s services suffer from Shellshock or other vulnerabilities. This can now be done for FREE with Acunetix Online:
- Scan your servers, FTP and mail for over 50,000 network vulnerabilities including Shellshock, Heartbleed and POODLE
- Audit your Internet facing servers, identify system and network weaknesses and any Trojans installed unintentionally
- Identify any vulnerable versions of applications running on the servers
- Discover the information that the systems are leaking using various techniques such as OS fingerprinting, port banner grabbing and service probing
Acunetix has already been updated to identify web servers vulnerable to ShellShock. The next time you start the latest version of Acunetix WVS, you will be prompted to install an update, which includes detection of ShellShock.
To learn more about how it impacts business infrastructure, and how the solutions E-SPIN carries can help resolve the issue, please feel free to contact E-SPIN officers across the region.