
Tenable Issues Shellshock Detection Plugins, Wizard, Dashboard

As many of you know, a major vulnerability was discovered yesterday. CVE-2014-6271 and CVE-2014-7169, known as “Shellshock” in the media, affect Linux, OS X and other Unix systems that use any version of Bash 4.3 and lower. The Bash shell is one of several command shells used on Unix and is also a common way to invoke scripts. What makes Shellshock unique is the impact it could have on the security of the Internet and the difficulty of detecting all attack vectors. In short, Shellshock’s effect could be similar to Heartbleed’s impact.

The Shellshock vulnerability allows a variety of remote attacks, most likely through Linux web servers that run scripts, but also through popular services like Secure Shell (SSH) and even internal network protocols such as DHCP servers running on Unix. It also allows a variety of privilege escalation attacks where a non-administrator Unix user could cause commands to be run as root.

The potential for attackers utilizing Shellshock is huge. With millions of Unix and Linux servers being vulnerable and running web services that hackers can connect to, the attack surface is staggering. Not all of the attack vectors have been discovered, but just Linux running Bash and mod_cgi accounts for a significant number of systems. The ease of attack is also a big concern; a crafted HTTP post with the right characters can enable any would-be attacker to upload files, modify HTML, or dump system files for further analysis.

On the surface, the general public does not appear to be at risk due to Windows being the consumer’s platform of choice. But attackers could easily upload malware to trusted destinations on the Web to infect uninformed visitors. Due to the nature of the vulnerability and the pervasiveness of Bash, some of the “Internet of Things” devices we now have in our homes and businesses could also be vulnerable, leaving home users with a significant security risk.

Unfortunately, due to the ease of exploit, Shellshock is a prime candidate for a worm. We could be looking at another SQL Slammer-like worm. But instead of 100,000 servers being affected, it could be more like 100,000,000, which could be catastrophic. It is of critical importance that you scan your networks now with Nessus or SecurityCenter to identify where Bash is installed and update it with the patches that are being released by the operating system vendors.
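Because vendors backport the fixes without changing the `bash --version` string, confirming that a host is actually patched means exercising the two CVEs named above locally. The script below is an added example for that purpose (it is not Tenable's plugin code); it assumes only a POSIX `sh`, `env`, `mktemp` and the `bash` binary under test, and is meant to be pushed to each Unix host through your configuration-management tooling after patching.

```shell
#!/bin/sh
# Added example: local patch-verification check for CVE-2014-6271 and
# CVE-2014-7169. Prints "vulnerable", "patched" or "no-bash" and returns
# 0 only when the installed bash is patched against both.
shellshock_check() {
    command -v bash >/dev/null 2>&1 || { echo "no-bash"; return 2; }

    # CVE-2014-6271: an unpatched bash runs the command that follows a
    # function definition imported from the environment. A patched bash
    # ignores the definition and prints only "test".
    out=$(env x='() { :;}; echo vulnerable' bash -c 'echo test' 2>/dev/null)
    case "$out" in
        *vulnerable*) echo "vulnerable"; return 1 ;;
    esac

    # CVE-2014-7169 (the incomplete first fix): a still-affected bash
    # mis-parses the definition and creates a file named "echo" in the
    # current directory instead of printing "date". Run it in a scratch
    # directory so the artefact cannot land anywhere that matters.
    tmp=$(mktemp -d) || { echo "no-bash"; return 2; }
    ( cd "$tmp" && env X='() { (a)=>\' bash -c 'echo date' >/dev/null 2>&1; true )
    if [ -e "$tmp/echo" ]; then
        rm -rf "$tmp"
        echo "vulnerable"; return 1
    fi
    rm -rf "$tmp"
    echo "patched"; return 0
}

# Report the verdict next to the build string so an inventory can
# correlate results with the package version the vendor shipped.
shellshock_check
bash --version 2>/dev/null | head -n 1
```

A non-zero exit from `shellshock_check` is the signal to feed into your patch tracking; treat "no-bash" hosts as unknown rather than safe, since the shell may simply be installed under a different path.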

Update: Wizard and Plugins added to Nessus

Tenable has released a series of Nessus plugins to do patch checks, to test for the Shellshock vulnerability via SSH with an authenticated scan, and to test for the vulnerability via HTTP(S). Visit the Nessus Newest Plugins page for the complete list of available plugins.

The Nessus scanner also has a new Policy Wizard for Bash Shellshock Detection. When you create a new policy and run the wizard, it will download and use the Bash plugins. Brief instructions are in our Discussions forum.

Update: Dashboard and Report added to SecurityCenter

SecurityCenter now includes a Shellshock dashboard and report to help determine if your systems are vulnerable to Shellshock. These components are available in the SecurityCenter Feed.
