Last Wednesday, cybersecurity experts revealed a newly discovered security threat against a commonly used piece of Linux software, known as the “Bash Bug.” The Bash bug affects Bash software, a piece of software that controls the command prompt, and essentially tells your computer what to do. This software was created in 1989 and is used on various Unix-based systems, including Linux and Mac OS X. The Bash Bug poses a threat to systems employing Bash, as it allows hackers to take targeted control of devices and dictate their actions. By taking control of devices, hackers can then download malicious software, gain access to sensitive information, and make changes or delete files as they please.
The Bash bug comes just five months after the ‘Heartbleed’ bug was discovered, which exposed a flaw in OpenSSL. Hackers were able to exploit this flaw to spy on computers, but they could not take control of the device. This opened up the potential for hackers to expose passwords and other sensitive information on people’s computers. The Bash Bug has been deemed more complex than Heartbleed, given that hackers can now take full control of a user’s computer. It was given a rating of “10” for severity, indicating the potential for maximum impact on devices, and was rated “low” for complexity of exploitation, indicating it is relatively easy for hackers to exploit.
If you are using Tenable’s Nessus vulnerability scanner and would like to check your network for the Bash Bug vulnerability, check out https://discussions.nessus.org/thread/7914 for additional information. GraVoc’s information security practice also offers assistance with identification and remediation of vulnerabilities like Bash Bug and other security threats. Please feel free to contact us for more information.