A vulnerability in Bash (the Bourne-again shell), the command interpreter used on Unix-based operating systems, was discovered last week by an IT engineer named Stephane Chazelas, taking the security world by storm. The severity of the bug and the widespread use of Bash have led mainstream news outlets such as the BBC, CNN, and the Guardian, along with many prominent security bloggers and researchers, to report on the story. Social media is also rife with people discussing it, commenting on it, showing concern, and even joking about it.
Bash exists on many operating systems, including embedded ones such as those running on Android phones, Wi-Fi routers, and even TVs, making the vulnerability widespread and possibly the biggest in history. The simplicity with which the vulnerability can be exploited has earned the bug a critical severity rating, with most vendors advising prompt patching. Attackers who exploit the bug can gain unauthorized access to information such as passwords and configuration files, or take over the system completely.
This looks like it is going to be a security nightmare for enterprises for many weeks to come as they rush to patch their vulnerable servers before the bad guys get to them. With that said, it is time for me to go back and do the discovery of this dirty bug and put in place the remediation strategies for our infrastructure.
Below are some resources on this topic: