There is a new vulnerability in the commonly used UNIX shell BASH, which the media is now calling Shellshock.
What is Shellshock?
A new vulnerability has been found that potentially affects most versions of the Linux and UNIX operating systems, in addition to Mac OS X (which is based around Unix). Known as the “Bash Bug” or “Shellshock,” the GNU Bash Remote Code Execution Vulnerability (CVE-2014-6271) could allow an attacker to gain control over a targeted computer if exploited successfully.
The vulnerability affects Bash, a common component known as a shell that appears in many versions of Linux and UNIX. Bash acts as a command language interpreter. In other words, it allows the user to type commands into a simple text-based window, which the operating system will then run.
For full details see: the Symantec Security Outbreak site for Shellshock
As of now following are the Shellshock-related CVEs:
- CVE-2014-6271
- CVE-2014-7169
- CVE-2014-7186
- CVE-2014-7187
- CVE-2014-6277
- CVE-2014-6278
Because of the attention Shellshock has brought to Bash and the early Shellshock-related patches, this number could still grow.
Are the Symantec Data Center Security & Compliance products vulnerable to Shellshock?
The Symantec Data Center& Compliance products, which include the following brands listed below are not vulnerable to this vulnerability:
- Symantec Data Center Security: Server and Server Advanced (DCS: S and DCS: SA)
- Critical Systems Protection (CSP)
- Control Compliance Suite (CCS)*
- Enterprise Security Manager (ESM)
- Symantec Risk Automation Suite (SRAS)
* None of CCS modules including CCS Standards Manager (CCS SM), Policy Manager (CCS PM), Risk Manager (CCS RM), Assessment Manager (CCS AM), Enterprise Security Manager (ESM), and Symantec Risk Automation Suite (SRAS) are vulnerable to the Shellshock vulnerability. We are currently assessing Vendor Risk Manager (CCS VRM) and Virtualization Security Manager (CCS VSM) and will provide the update once the evaluation is complete.
How can customers leverage CCS to protect themselves against the Shellshock vulnerability?
Control Compliance Suite isn’t a vulnerability assessment product; however at any point in time you can have CCS run a query to identify exactly which versions of Bash you have on your various Linux and UNIX systems.
The sample XML file can be imported to create a query which when executed displays details of various Operating Systems.
You can sort by clicking on the Package Version column header to group similar systems together to identify groups that need patches. Or you can put a specific version you want to patch in the search box to filter the list to only relevant systems.
To import the Bash Version query to detect vulnerable assets:
- In the CCS Console, navigate to Manager > Queries > Import.
- Import the attached sample XML file (image) to create a query.
- Execute the query on UNIX assets.
- In the Query results details pane view the vulnerable package (Package Name) and version (Package Version) on target.
CCS customers can also take advantage of the auto-discovery capabilities to discover rogue assets as well as to find rogue assets and identify which Apache web services are installed by default, but not used. With this information, the customer can then utilize Critical Systems Protection or DCS: Server Advanced to invoke the IPS, application control, and sandboxing capabilities to harden their infrastructure.