We still haven't quite gotten over the immense danger that Heartbleed posed to the Internet and now Bash is possibly trying to take a lead over the Hearbleed. Latest reports from experts claim that the Bash bug, also known as Shellshock, could affect the entire Internet leading to a possible Internet meltdown!
Presence of Bash bug over Internet:
Bash bug is a vulnerability in the vastly accessed Bash shell utility of Linux. The bug allows for remote code execution letting an attacker to exploit it for malware distribution. This extreme level of access can target web servers and the network devices especially the PHP-based web applications. The entire possibility of having an attacker the access to servers and services would lead to a point where all of the Internet could fall a victim to this bug, a phenomenon never yet seen.
CloudFare, the content delivery network reports that hackers are actively trying to exploit this vulnerability and download malware on the machines, get remote access, get password files among others, reports The Verge. The problem with the Bash big is the inability of assessing the actual level of damage that has been done and could possibly happen. From servers to the smart devices, everything could be affected and hardly patched.
Security blog Sucuri reports that thousands of cPanel sites are also at risk:
Almost every server in the Internet is vulnerable to it (every server has Bash). But not all sites are actually exploitable ... As we started to scan our clients sites (and the Internet as a whole) we found that about 2.9% of all sites we scanned were vulnerable to this problem. All of them were running cPanel and had these 2 files available:
/cgi-sys/entropysearch.cgi /cgi-sys/FormMail-clone.cgi
Sucuri also recommends to ensure that mod_cgi is not enabled in the backend even if you are using mod_php for web applications like WordPress or Joomla. In a similar scan, Errata's Robert David Graham found 3000 vulnerable system in a limited IP scan. Graham also reported that embedded web servers on odd ports were specifically at risk. Bash bug is definitely giving the digital world a shock with an increased realization of the impossibility of fixing it all and fixing it for a long time. However, the patches are being released for various Linux distributions and should work until some permanent fix is worked out.
