by Cody Dumont
September 26, 2014
'Shellshock', a dangerous vulnerability in bash, presents a critical security concern for network-attached devices such as web servers. This report presents several components that can assist an organization in determining if it has systems vulnerable to Shellshock. These chapters display alerts from several new plugins released by Tenable to detect Shellshock.
A critical vulnerability in bash (Bourne Again SHell) versions through 4.3, the default shell for many Linux and Unix distributions including Mac OS X, presents a critical security concern for network-attached devices that use bash, especially those with an attack vector that can be exploited remotely (e.g., web servers, SSH servers, and likely much more). This vulnerability, known as 'Shellshock', may be potentially bigger than Heartbleed and much easier to exploit. This report presents several components that can assist an organization in determining if it has systems vulnerable to Shellshock. These components display alerts from several new plugins released by Tenable to detect Shellshock (CVE-2014-6271,CVE-2014-7169,CVE-2014-6277,CVE-2014-7186,CVE-2014-7187,CVE-2014-6278).
The report is available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The report can be easily located in the SecurityCenter Feed under the category Security Industry Trends. The report requirements are:
- SecurityCenter 4.8.1
- Nessus 5.2.7
- LCE 4.4.0
- PVS 4.0.2
Tenable's SecurityCenter Continuous View (CV) is the market-defining continuous network monitoring platform. SecurityCenter CV includes active vulnerability detection with Nessus and passive vulnerability detection with the Tenable Passive Vulnerability Scanner (PVS), as well as log correlation with the Tenable Log Correlation Engine (LCE). Using SecurityCenter CV, an organization will obtain the most comprehensive and integrated view of its network, and can react quickly to threats such as Shellshock.
Executive Summary: A summary of the overall status of systems vulnerable to Shellshock.
Shellshock Event Key Indicators of Compromise: This chapter presents analysts with specific details with regard to the following detected events: Linux Segfaults in Bash, User Commands with ParentID, and New Commands. Reported are the number of systems affected, as well as the number of events detected, across the last 7 days.
Shellshock Vulnerable Systems By Operating System: This chapter presents those systems that are vulnerable to Shellshock, grouped by *nix operating system. For each operating system, a section is included detailing both the vulnerabilities and the systems affected. A summary indicator component is presented below.