Friday, September 26, 2014

Shell-shocked after Heartbleed? All you need to know about Bash bug & how to protect your data w/ IBM Endpoint Manager

Originally published at by Rohan Ramesh on September 26, 2014 
Just when you thought the worst was over in a year packed with security incidents, from POS attacks to the Heartbleed bug, we now hear about the “Bash bug”, which threatens to compromise everything from web servers to connected cameras and IoT devices.

What is the Bash bug?

This vulnerability was discovered by Stephane Chazelas and announced on the OSS-SEC mailing list (in addition to other security forums). The bug, which went unnoticed for over two decades, allows attackers to execute malicious code within a Bash shell (this is typically the command prompt on PCs, Macs and Linux machines), allowing them to overwrite authentication information and gain access to confidential information by taking control of the operating system.

If you thought the Heartbleed bug was bad, this is worse. It has been given a severity rating of 10 / 10 by the National Vulnerability Database and is predicted to leave a far larger number of endpoints unpatched, because it is hard to identify every vulnerable device in your organization.

What devices are affected?

The Bash bug affects Linux and Unix machines as well as hardware running Mac OS X, with the most vulnerable being web servers such as Apache HTTP Server and scripts executed by DHCP clients. It also affects a number of connected “Internet of Things” devices whose software is built using Bash scripts. This could be anything from your CCTV cameras to an Internet-connected light bulb in your home. Given that this bug has been around for a while, systems and devices running older OS versions may be vulnerable as well.

How do you protect your endpoints and data?

Within a day of the bug being disclosed, attackers are already looking for ways to target your systems: proof-of-concept code that exploits Bash using CGI scripts is already floating around the web.

There are two parts to fixing the problem. First, you need to identify every system within your organization, on and off your network, that is affected by this bug. Given the global reach of companies today, finding these systems takes time, and even then not all systems are identified. Second, you need to remediate by applying a patch to all these systems, many of which could be running different versions of operating systems. That means you need to apply a different patch for each type of OS, which adds to the complexity of getting all your systems patched in time.

What can IBM Endpoint customers do to patch this vulnerability?

With IBM Endpoint Manager Client, which supports more than 90 different flavors of operating systems, you can quickly enable “detection tasks and analyze content” through our patch support site, which will identify any systems that are vulnerable.

Task 1828: Check for “Shell Shock” bash Vulnerability (CVE-2014-7169)

Analysis 1829: “Shell Shock” bash Vulnerability (CVE-2014-7169) Status
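A host-level check of this kind comes down to asking each machine how its Bash behaves. The script below is an added example, not IBM Endpoint Manager content and not from the original post; function names and marker strings are made up for illustration. Its first probe covers the original function-import behaviour, the second the incomplete first fix tracked as CVE-2014-7169.

```shell
#!/bin/sh
# Added example: local behavioural check for the Bash function-import flaw.
# Source this file, then run:  check_bash /bin/bash

# classify_probe OUTPUT
# A vulnerable Bash executes the text trailing the function body while it
# imports the variable, so the marker appears in the captured output.
classify_probe() {
    case "$1" in
        *SHOCK_MARKER*) echo VULNERABLE ;;
        *)              echo NOT_VULNERABLE ;;
    esac
}

# probe_import BASH: start BASH with a function-shaped variable and
# capture what it prints (harmless marker only).
probe_import() {
    env probe='() { :;}; echo SHOCK_MARKER' "$1" -c 'echo done' 2>/dev/null
}

# probe_parser BASH: CVE-2014-7169 check. A Bash with only the first fix
# leaves parser state behind and writes a file named "echo" in the
# working directory, so the probe runs inside a throwaway directory.
probe_parser() {
    dir=$(mktemp -d) || return 2
    ( cd "$dir" && env probe='() { (a)=>\' "$1" -c 'echo date' \
        >/dev/null 2>&1 ) || true
    if [ -e "$dir/echo" ]; then echo VULNERABLE; else echo NOT_VULNERABLE; fi
    rm -rf "$dir"
}

# check_bash [BASH]: prints one status line.
# Exit code: 0 = both probes clean, 1 = at least one hit, 2 = no such bash.
check_bash() {
    bin=${1:-bash}
    command -v "$bin" >/dev/null 2>&1 || { echo NO_BASH; return 2; }
    import=$(classify_probe "$(probe_import "$bin")")
    parser=$(probe_parser "$bin")
    echo "import=$import parser=$parser"
    [ "$import" = NOT_VULNERABLE ] && [ "$parser" = NOT_VULNERABLE ]
}
```

A clean result only describes the binary that was probed; hosts often carry more than one Bash, so the installed package version still needs to be compared against the vendor's patched release.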

Our security experts are working around the clock to update IBM Endpoint Manager to release patches that have been issued by operating system vendors. These can be applied to all your systems through the single centralized Endpoint Manager console. For instructions on how you can identify affected endpoints in your organization and a full list of operating system patches that have been released, click here.

If you currently do not have IBM Endpoint Manager, visit my website and contact me today to get our unique Unified Endpoint Management solution, which can find and fix problems across all your devices – from servers to smartphones – on and off the corporate network within minutes. Contact us on Twitter @IBMEndpoint with any questions or concerns.

“This is high-quality, useful information and support. You and the IBM Endpoint Manager (BigFix) team continue to make us look good. Keep it up.” – Current IBM Endpoint Manager Customer
