A new security vulnerability has been uncovered in one of the most installed Linux utilities. The problem stems from a bug in the Bourne again shell, or Bash, which serves as the default shell for Linux and OS X. The bug allows attackers who are aware of how it works to inject and execute their own commands on targeted systems. It is currently being referred to as the Shellshock bug and already being compared to Heartbleed in terms of scope and potential damage.
Red Hat has published a summary of the vulnerability, and has already issued a patch to fix all Red Hat related products. However, due to the ubiquitous nature of Bash, the number of systems and devices affected cannot be estimated. Many web-enabled devices like internet enabled run the shell to make it easier for programmers; patching these devices is incredibly difficult and it is unlikely that these will ever receive an update to fix the issue.
Security blogger Robert Graham has been looking into just how widespread the issue is, and has discovered that the vulnerability can be used to worm past firewalls to deliver malware directly onto systems. Graham raises the question of whether the Mac OS X and iPhone DHCP servers are also vulnerably, but has not gone into testing his hypothesis.
The issue with Shellshock is that it is not as easily fixed as Heartbleed. Unlike the OpenSSL vulnerability that mainly affected webservers that ran the particular form of encryption, Shellshock is spread out further and effects all sorts of things. This simply means that while it may not cause a single large problem now, it is likely to cause many smaller breaches of security over the next few years as many of the devices that run on Bash cannot be patched.
[Source: The Verge]