The Shellshock “Bash Bug”

The Problem

The Shellshock Bash Bug is a vulnerability that affects many devices using Linux and Unix operating systems including servers, routers, Android phones, and Mac computers.

The Bourne Again Shell (Bash) is a common piece of system software that acts as a command language interpreter. It’s the thing you use to tell your computer what you want it to do. In other words, it allows you to type commands into a text window, which the operating system will then run.

The Bash Bug lets attackers take control of an affected device and install programs or run commands.

What is ITS Doing?

ITS staff and security team have reviewed many ITS-managed systems to find vulnerable Bash instances and apply patches.

ITS has added monitoring to detect active exploit attempts and will alert administrators whose systems have been compromised. In this event, you will receive a notice from ITS asking you to take action. If you are accountable or responsible for Linux-based systems, please check your own systems for the vulnerability.

ITS is working to ensure that the UCSC enterprise systems (e.g., Google Apps, MyUCSC, Gold password login, AIS, FIS, eCommons, IT Request ticket system) are not affected by the Shellshock Bash Bug. ITS is also reviewing the status of systems hosted by off-campus vendors (e.g., CruzPay, RMS).

What YOU Can Do:

First off, don’t panic. This is a vulnerability that primarily affects servers under certain circumstances, so there is not a lot that you can do. ITS staff and other people around the world are working on reducing the risk for everyone.

There are some things you can do now:

  • If ITS staff tell you that you have a vulnerable system, please take action to patch as soon as possible.
  • ITS expects Apple will release a Mac OS X patch. Please follow the standard software update process to install this expected security patch.
  • Be skeptical of any email asking you to change passwords. Scammers will take advantage of this situation. Know where the email is coming from, or call the company to find out if it’s legit.
  • Remember that legitimate UCSC emails from ITS never ask you to respond with sensitive/personal information such as password, SSN, or bank account number.
Content of this article is from http://its.ucsc.edu/news/security-news/bash-bug.html