Posted on September 24, 2014

Shellshock – The Bash Bug Vulnerability. What You Need to Know.

Before getting into the technical stuff: over the past couple of days we have been busy behind the scenes securing all the servers we manage. If you are a client with Shared Hosting, Enterprise Hosting, Reseller Hosting, or any Server or Virtual Server that we manage, we have applied all the necessary patches and are continuing to monitor for any further updates.

For those of you who have one of our self-managed servers or virtual servers, there is a bit of work ahead. We are happy to help with any questions you have in applying the necessary patches to your server.
For detailed information, please see the following:

https://access.redhat.com/articles/1200223

September 24, 2014 Update:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271

September 25, 2014 Update:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169

We will continue to post links and updates as information becomes available.

September 24, 2014

Discovered by Stephane Chazelas, the Bash Bug vulnerability, nicknamed ShellShock, is a flaw that has existed for around 20 years and was only recently found. It affects the way Bash evaluates certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions and execute shell commands remotely on web servers. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue. A web server is only vulnerable to this attack if the Bash shell (or interpreter) can be passed commands remotely over the internet. This is how your private information could be put at risk.

The exploit affects servers and systems that use the language interpreter called Bash to process commands. Certain versions of Linux and Unix use Bash, and Mac OS X 10 Mavericks also uses it since it’s based on an underlying Unix platform.

Heartbleed or Shellshock. Which one is Worse?

While Shellshock is not going to affect as many devices as Heartbleed did, the impact of both is severe. Heartbleed was restricted to allowing those nasty guys to only steal information, whereas Shellshock allows commands to be executed remotely through Bash (and information to be stolen too). So the far-reaching effect of Shellshock is vast, with one of the most dangerous aspects being that the hacker can easily find out what is on the server.

September 25, 2014

As was widely expected, the initial patch was not the last. The complete patch has now been made (CVE-2014-7169) and has been applied to all Shared Hosting, Enterprise Hosting, Reseller Hosting, or any Server or Virtual Server that we manage.

Reports are surfacing as well that Shellshock has become “weaponized”, which means that malware is now being spread through this vulnerability.

For our self-managed clients, please ensure you apply these updates as soon as possible.
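A local check that can be run on a self-managed server after updating, covering both CVEs mentioned above. This is an added example, not part of the original post: the function names and the marker string are this example's own, and the probe strings follow the publicly documented vendor diagnostics for these two CVEs.

```shell
#!/bin/sh
# Local patch check for CVE-2014-6271 and CVE-2014-7169.
# Function names and SHELLSHOCK_MARKER are this example's own (hypothetical).
# Each check returns 0 = not affected, 1 = affected, 2 = shell not runnable.
# Pass a bash binary that is on PATH or given as an absolute path.

check_cve_2014_6271() {
    shell=${1:-bash}
    command -v "$shell" >/dev/null 2>&1 || return 2
    # The variable holds a function definition followed by an extra command.
    # An unpatched bash runs that extra command while importing the variable.
    out=$(env 'probe=() { :;}; echo SHELLSHOCK_MARKER' \
          "$shell" -c 'echo ok' 2>/dev/null) || true
    case $out in
        *SHELLSHOCK_MARKER*) return 1 ;;
        *) return 0 ;;
    esac
}

check_cve_2014_7169() {
    shell=${1:-bash}
    command -v "$shell" >/dev/null 2>&1 || return 2
    tmp=$(mktemp -d) || return 2
    # With only the first patch applied, this malformed definition leaves
    # parser state behind and "echo date" is read as: run date, write ./echo.
    (cd "$tmp" && env 'probe=() { (a)=>\' "$shell" -c 'echo date' \
        >/dev/null 2>&1) || true
    if [ -e "$tmp/echo" ]; then rc=1; else rc=0; fi
    rm -rf "$tmp"
    return "$rc"
}

report() {
    shell=${1:-bash}
    for cve in 6271 7169; do
        "check_cve_2014_$cve" "$shell" && rc=0 || rc=$?
        case $rc in
            0) echo "CVE-2014-$cve: not affected" ;;
            1) echo "CVE-2014-$cve: AFFECTED, update bash" ;;
            *) echo "CVE-2014-$cve: could not run $shell" ;;
        esac
    done
}

report "${1:-bash}"
```

A server that reports "not affected" for the first check but "AFFECTED" for the second has only the initial patch and still needs the follow-up update.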
