
Protecting Yourself Against Shellshock

Note: This is a developing story. Check Point will provide updates as additional information becomes available. Check Point strongly encourages organizations to take action and to understand how fixes and protections work, in order to minimize their exposure and avoid introducing new problems.

What is Bash and Shellshock?

Bourne Again Shell, also referred to as Bash, is a command-line shell commonly used in Apple Mac OS X and Linux/UNIX operating systems. On September 25th, “Shellshock”, a critical vulnerability in Bash, was discovered (CVE-2014-6271 and CVE-2014-7169). According to the US-CERT, if exploited, this vulnerability enables attackers to remotely execute shell commands by embedding malicious code in environment variables used by the operating system.

It is important to note that CVE-2014-7169 supersedes CVE-2014-6271: fixes for CVE-2014-6271 alone do not completely resolve the vulnerability. Install the existing patches and watch for updated patches that address CVE-2014-7169.

In what ways might this vulnerability be exploited?

GNU Bash versions 1.14 through 4.3 contain a flaw in which commands placed after a function definition in an imported environment variable are processed, allowing remote attackers to execute arbitrary code via a crafted environment; this enables network-based exploitation. Many UNIX-like operating systems, including Linux distributions, BSD variants, and Apple Mac OS X, include Bash and are likely to be affected. Critical instances where the vulnerability may be exposed include:

How dangerous is the GNU Bash vulnerability?

The scope of the Shellshock vulnerability is much broader than that of the OpenSSL Heartbleed vulnerability. Heartbleed allowed remote access to a small amount of data in the memory of affected machines. Shellshock enables remote injection of arbitrary commands without any authentication, which is deemed exponentially more dire.

Affected Operating Systems

How does Shellshock affect you and your organization?

This vulnerability is classified by industry standards as “High” impact, with a CVSS impact sub-score of 10, and “Low” in complexity, which means it takes little skill to exploit. The flaw allows attackers to supply specially crafted environment variables containing arbitrary commands that are then executed on vulnerable systems. It is especially dangerous because of the prevalent use of the Bash shell and the numerous ways in which applications can invoke it.

Recommendations: Protecting your organization

Check Point customers

Most Check Point portals are not vulnerable to the Shellshock exploit. Specifically Mobile Access, IDA portal, and UserCheck portal are not vulnerable while GAiA and SecurePlatform Admin WebUI may be susceptible to environment changes caused by this exploit. At the time of writing, Check Point is not aware of any exploits on its solutions.

All customers

Testing for the Shellshock vulnerability

To determine if your Linux or Unix system is vulnerable, from a command line, type:

    env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the system is vulnerable, the output will be:

    vulnerable
    this is a test

An unaffected (or patched) system will output:

    bash: warning: x: ignoring function definition attempt
    bash: error importing function definition for `x'
    this is a test

   An online tool to test the vulnerability is available at:
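The following script is an added example, not Check Point's code or tooling: it wraps the probe shown above in a POSIX sh script that prints a verdict and sets an exit code, so the check can run from an audit job rather than being read by eye, and it adds the follow-up parser check for CVE-2014-7169, which the post notes is not covered by the first fix. It assumes the Bash binary to test is named by BASH_BIN (default "bash").

```shell
#!/bin/sh
# Added example, not Check Point's code: wraps the post's Bash probe (and the
# follow-up CVE-2014-7169 parser check) so an audit job gets a status word and
# an exit code instead of someone reading the output by eye.
# Assumption: BASH_BIN (default "bash") names the shell binary to check.

# classify_output: map the probe's combined stdout+stderr to a verdict.
# The injected "echo vulnerable" must never run; a fixed bash only prints
# "this is a test" (older fixes also print the "ignoring function definition"
# warnings shown in the post, which still counts as "patched").
classify_output() {
    case "$1" in
        *vulnerable*)       echo vulnerable ;;
        *"this is a test"*) echo patched ;;
        *)                  echo unknown ;;   # bash failed to run at all
    esac
}

# run_probe: the CVE-2014-6271 test exactly as the post gives it.
run_probe() {
    bash_bin="${BASH_BIN:-bash}"
    command -v "$bash_bin" >/dev/null 2>&1 || { echo no-bash; return; }
    out=$(env x='() { :;}; echo vulnerable' "$bash_bin" -c 'echo this is a test' 2>&1)
    classify_output "$out"
}

# run_7169_probe: a bash carrying only the first fix still mis-parses the
# trailing backslash, turning the "echo" of the -c command into a redirection
# and leaving a file named "echo" in the working directory. Run it in a
# scratch directory so nothing else is touched; a fully patched bash creates
# no file.
run_7169_probe() {
    bash_bin="${BASH_BIN:-bash}"
    command -v "$bash_bin" >/dev/null 2>&1 || { echo no-bash; return; }
    tmp=$(mktemp -d) || { echo unknown; return; }
    ( cd "$tmp" && env X='() { (a)=>\' "$bash_bin" -c 'echo date' >/dev/null 2>&1 )
    if [ -e "$tmp/echo" ]; then echo vulnerable; else echo patched; fi
    rm -rf "$tmp"
}

# When run as a script: report both verdicts and exit non-zero if either
# probe shows a vulnerable bash, so cron or config management can act on it.
v1=$(run_probe); v2=$(run_7169_probe)
echo "CVE-2014-6271: $v1"
echo "CVE-2014-7169: $v2"
[ "$v1" != vulnerable ] && [ "$v2" != vulnerable ] || exit 1
```

Point BASH_BIN at each Bash binary on a host (for example a vendored copy under an application directory), since a patched /bin/bash says nothing about other copies.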
