There is a new critical bug affecting all computers running Unix-based operating systems like Mac OS X and Linux and it is called “Shellshock”. Some analysts warn it could be worse than Heartbleed, a vulnerability within web encryption library OpenSSL which caused a stir this year as it theoretically allowed attackers to take over websites. Shellshock bug is a vulnerability affecting all versions of the bash package as shipped with most of the Linux distributions. It is listed as CVE-2014-6271, CVE-2014-7169. Bash, an acronym for Bourne Again Shell, is a command-line shell. This lets users issue commands to launch programs and features within software by typing in text. It’s typically used by programmers and shouldn’t be open to the wider world, though Shellshock changes that.
The Shellshock bug affects all products which use the Bash shell and parse values of environment variables. Shellshock Vulnerability is especially dangerous as there are many possible ways Bash can be called by an application. Quite often, if an application executes another binary, Bash is invoked to accomplish this. Because of the pervasive use of the Bash shell, this issue is quite serious and should be treated as such. So any Linux/Unix servers are vulnerable to Shellshock bug.
Which versions of Bash are affected?
It is said that everything through 4.3 or in other words, about 25 years’ worth of Bash versions. Everyone keeps comparing this to Heartbleed, considering that the impacted versions of OpenSSL spanned a mere two years which is a drop in the ocean compared to Shellshock. People don’t upgrade their versions consistently therefore the number of at-risk machines are going to be much higher for Shellshock than it was with heartbleed.
Shellshock Bug Fix by Quintet
Don’t worry, Quintet Solutions is here to help. We shall patch your servers as needed and assist you in securing your servers and have peace of mind.
Related Services that we provide
Vulnerability assessment by OpenVAS
OpenVAS server is capable of performing security tests and collecting information. OpenVAS client provides a graphical interface for managing and performing such tests. Our team can setup OpenVAS for you and have your servers scanned for vulnerabilities and take prompt action to fix any issues reported.
Chkrootkit Security Services
Chkrootkit is a tool kit which contains scripts to check signs of a rootkit. At Quintet we have experience in removing rootkits and securing servers affected with them, worms, LKM etc. We perform security audit, script updates and patching, once the hacked system is recovered.
Flexible authentication using mobile
Duo Security offers the flexibility to choose the authentication methods, along with options to easily disable users, revoke credentials and audit access. Our team can install and configure Duo-security on your servers/mobile devices for authentication and help you secure your account logins.
ModSecurity Installation, Configuration and Support Services
ModSecurity enables web application defenders to gain visibility into HTTP(S) traffic and provides powerful rules to implement advanced protection. Quintet can help in Modsecurity installation/configuration and maintenance on Linux servers.
Security Consulting Services
Irrespective of being a normal network or a cloud environment, at Quintet, our experts will keep your systems safe from any type of attacks that may hit your system. Constant System Audit and health checks are done by us. We regularly update systems to renounce vulnerabilities forever.
Server Management Services
Quintet offers you proactive server management services that combine with expert advice with essential server management tasks to keep your business online. We manage all aspects of your servers day-to-day operations. With us you are covered for installations, maintenance, OS updates, troubleshooting, monitoring and much more. 24/7/365 days of Support assured !
Your team at our place
Avoid all the hassles of managing a team at your premise by handing us over the webhosting support tasks. Our team will efficiently interact with your customers assisting them to have the best experience of utilizing the services you offer. We work around the clock and there is no time zone limit.
Web Development Services
Quintet is a Web Design company which is dedicated to providing customers all around the world with the latest best-of-class feature rich web sites for presenting your products and services. Creating the best web applications with uncompromising usability, security, scalability and reliability using the latest technologies is our speciality.