Advertisement

What You Need To Know About ‘Bash:’ The Dangerous Bug That’s Been Hidden In The Web For 20 Years

Lisa Eadicicco
Updated
hacker-identity-theft-fraud
hacker-identity-theft-fraud

Flickr via altemark

A newly discovered bug could make it possible for hackers to remotely issue commands to Web servers — which could mean big trouble for companies whose servers are affected, according to a few cyber security experts.

The issue, which is currently being called the “Bash” bug or “Shellshock,” was discovered by the security team at software company Red Hat on Wednesday.

Some experts are calling the Bash bug an even larger threat than the Heartbleed vulnerability, which was discovered in April and is still known to be affecting thousands of devices. 

Bash is something that will affect companies more than humans because it involves web servers, and most every users aren’t running their own web servers. 

Here’s a detailed overview of what it is and who might be affected.

What It Is

Bash screenshot
Bash screenshot

Wikimedia Commons

What a Bash session looks like

The Bash bug is a vulnerability that can allow a hacker to issue remote commands to web servers. Since the bug makes it possible for a hacker to tell a server to do anything he or she wants, there’s a risk that private information can easily be stolen from affected servers.

The exploit affects servers and systems that use a language interpreter called Bash to process commands. Certain versions of Linux and Unix use Bash, and Mac OS X 10 Mavericks also uses it since it’s based on an underlying Unix platform, Satnam Narang, a security response manager at cyber security firm Symantec, told Business Insider.

But that doesn’t mean every single device running on Linux is vulnerable to the Bash bug. 

“There’s a list of requirements that makes these servers vulnerable,” Trey Ford, global security strategist for Rapid7 told Business Insider. 

According to Ford, servers using the bash shell (or interpreter) are only vulnerable if they’re capable of passing commands remotely over the internet. That’s what could make it susceptible to intruders.

The vulnerability has been around for about 20 years — as long as Bash has been implemented in operating systems — but has only been discovered this week.

“Testing software is really hard,” Ford said. “Software is written by humans. Humans are inherently flawed; we make mistakes. Those mistakes manifest themselves inside the code. Sometimes it take a long time for these vulnerabilities to be identified.” 

Why It’s So Dangerous

Although the Bash bug won’t affect nearly as many devices as Heartbleed, the consequences could be much more severe. That’s because Bash allows hackers to remotely execute commands, while Heartbleed only allows intruders to steal information from servers. 

“This is definitely much different than Heartbleed and has much larger of an impact,” Narang said.

If a hacker can identify a vulnerable server, he or she can perform a number of different types of requests.

“The most important one is [hackers] can tell that server in a command, ‘Hey, why don’t you connect back to me so I can see what’s on your server,’” Narang said. “They can also get that server to send back information from it via email.”

One of the biggest problems, however, is that many systems that don’t get updated regularly won’t receive the necessary patch to fix the vulnerability. This can include things like routers, which aren’t updated very frequently, according to Narang.

Who Should Be Worried About It

The Bash bug also differs from Heartbleed in that its scope is much smaller. Bash isn’t likely to affect your everyday user. But it could have detrimental effects for any company with a web presence.

“You can be fairly confident that anyone that manages an internet presence or an enterprise, all around the world have administrative teams online watching this,” Ford said. “The whole world is scrambling to understand what this means for their company.”

But, as Ford mentioned earlier, not every device running some form of Linux, Unix, or Mac OS X 10 Mavericks is vulnerable. It’ll most likely impact businesses running their own servers, and Narang notes that there probably won’t be any impact on Windows devices.

What You Can Do To Be Safe

The complete patch for this bug is still underway, but there are some precautions you can take in the meantime. If you can take your servers offline without it posing too much of a risk to your business, it may be a good idea to do so, Ford said. Using a firewall for your website might help, but there’s no guarantee.

In the meantime, administrators should look through the server logs to make sure no suspicious commands have been given. 

This post in Stack Exchange (via The Verge) also tells you how to see if your Mac system is affected.

Read more stories on Business Insider, Malaysian edition of the world’s fastest-growing business and technology news website.