Mac OS X among those that BASH vulnerability could cripple

No more BASHing
Blame the BASH feature

System administrators all over the world have woken up to yet another major security scare - after the Heartbleed bug back in April, this time, one that affects UNIX-based operating systems including Linux, Mac OSX and potentially Android – which has roots in UNIX.

The BASH bug (or Shellshock) as it is now known was discovered yesterday by security researchers working for open source company, Red Hat and because platforms affected are ubiquitous, one should expect more damage than Heart Bleed.

Indeed, what makes it so worryingly dangerous is that it affects everything that runs GNU's Bourne Again Shell (otherwise known as BASH) and are connected to the internet.

This includes any Internet-of-things devices like video cameras that operate using web-based BASH scripts. These are not only difficult to patch but also difficult to track and audit, which makes in-the-wild exploits very likely.

ESET's Mark James gives a simple routine to find out whether your systems are affected. Type

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

The output on a vulnerable system will read

vulnerable

this is a test

A patched or unaffected system will output:

bash: warning: x: ignoring function definition attempt

bash: error importing function definition for 'x'

this is a test

He added that the bug has been around for a very long time and the community doesn't really know how many systems are actually affected by it.

TOPICS
Desire Athow
Managing Editor, TechRadar Pro

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website builders and web hosting when DHTML and frames were in vogue and started narrating about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium.