One of the most commonly installed utilities on a Linux system, Bourne Again Shell(Bash), was vulnerable to a serious Remote Code Execution vulnerability. These vulnerabilities were documented as CVE-2014-6271 and CVE-2014-7169. This allowed an attacker with the ability to execute code on a remote server giving them an ability to possibly compromise the entire server. Unlike the Heartbleed vulnerability, the attacker does leave traces of performing the exploit in the apache logs.

Although this vulnerability is very wide spread, it mainly affects web servers that have CGI scripts setup. This also affects bash scripts that call environment variables, network dispatcher scripts, and git hooks. If you do not have any of these then there is nothing to be concerned about as the vulnerability does not affect you. If you have CGI scripts and would like to check if the vulnerability has been exploited on your server, feel free to contact us to check your apache logs. As soon as this vulnerability was disclosed, we were already in the process of patching the servers and currently all servers have the latest patch regarding the shellshock vulnerability.

Check Apache logs:

grep ‘() { :;};’ /var/log/httpd/name_of_access_log

Read More: