3aIT Blog

Last week, a vulnerability (codenamed "Shellshock") was found in a tool called "Bash". This program is installed by default on millions of machines, especially servers. Bash is a command line interface that is frequently used as the primary point of access to carry out whatever tasks need performing on these machines.

The bug (technical details here) allows, in certain cases, full control of the machine by an attacker. Another big problem with this bug is that exploiting it only requires a very low level of knowledge. Therefore, as expected, there are already many sightings of attempts to use this method to attack machines.

The bug was patched last week. An initial patch was released the day after the bug was announced. It turned out this did not completely fix the issue, so another patch was released the following day.

If you manage any servers with Bash installed, it is highly recommended that you test each of them for this vulnerability and patch accordingly. There are some details on how to test this on this website.

For our part, we performed these checks on all servers we manage as soon as this bug became public, and applied all patches as they were released.
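One way to run the local test recommended above on a server you manage, as an added example (not code from this post or from the Bash project); the function names, the `probe` variable and the marker word are this example's own. It checks only the original function-import flaw, so a "patched" result does not confirm that the second patch is installed; check the installed package version as well.

```shell
#!/bin/sh
# Added example: local check of bash binaries for the Shellshock
# function-import flaw. All names below belong to this example.

# check_bash PATH -> prints "vulnerable", "patched" or "unknown"
check_bash() {
    bash_bin=$1
    [ -x "$bash_bin" ] || { echo "unknown"; return 2; }

    # A vulnerable bash imports the function definition from the
    # environment and then also runs the text that trails it. Here the
    # trailing text only echoes a harmless marker word.
    out=$(env -i probe='() { :;}; echo SHELLSHOCK_MARKER' \
          "$bash_bin" -c 'echo done' 2>/dev/null)

    case $out in
        *SHELLSHOCK_MARKER*) echo "vulnerable"; return 1 ;;
        *done*)              echo "patched";    return 0 ;;
        *)                   echo "unknown";    return 2 ;;
    esac
}

# check_all -> one "PATH: result" line per bash binary found on this
# machine; returns non-zero if any of them is vulnerable.
check_all() {
    rc=0
    # The bash on PATH plus any other copies registered in /etc/shells.
    candidates=$( { command -v bash
                    grep -E '/bash$' /etc/shells 2>/dev/null
                  } | sort -u )
    for b in $candidates; do
        result=$(check_bash "$b") || true
        if [ "$result" = "vulnerable" ]; then
            rc=1
        fi
        echo "$b: $result"
    done
    return $rc
}

check_all
```

Run it on each server; any line ending in `vulnerable` means that copy of Bash still needs the vendor's update.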