
Dark Reading | Perimeter | Products and Releases | 9/29/2014 02:03 PM

Tripwire Releases Comprehensive Coverage for Shellshock Bash Bug

Industry leader releases free detection tools for vulnerability considered more severe than Heartbleed

PORTLAND, Ore., September 29, 2014: Tripwire, Inc., a leading global provider of advanced threat, security and compliance management solutions, today announced detection for the Bash “Shellshock” vulnerability (CVE-2014-6271). Shellshock affects Unix, Linux, BSD, OS X and other Unix derivatives and was announced on September 24, 2014, by Akamai security researcher Stephane Chazelas.

All Tripwire vulnerability management products, including Tripwire® IP360™, Tripwire® PureCloud and Tripwire® SecureScan, provide authenticated and unauthenticated checks for the Bash vulnerability. Tripwire® Enterprise also provides coverage for Bash Shellshock using custom rules and policies. In addition to this comprehensive coverage, Tripwire VERT has released a free tool that can be used to detect vulnerable Bash installations on a wide variety of devices and applications.

“This vulnerability is more severe than Heartbleed,” said Lamar Bailey, director of Tripwire’s Vulnerability and Exposure Research Team (VERT). “If an attacker is successful, he or she can take complete control of the target system. Unfortunately, this is one of the rare vulnerabilities with the potential to be a wide-scale worm because it is extremely easy to exploit and there are millions of vulnerable targets.”

The Bash shell processes commands for controlling Unix and Unix derivative operating systems. Attackers can exploit a vulnerability in Bash to take complete control of targeted systems by passing commands that execute arbitrary code. This additional code can be used to load malware, delete content and steal data. In addition, security experts warn that this bug is “wormable” – a self-propagating condition that allows malware to spread rapidly from system to system without human intervention.
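One place the bug becomes visible to defenders is the web tier: a CGI gateway copies request headers into environment variables, so a probe that puts the Bash exported-function marker `() {` into a header leaves a recognizable trace in the access log. The following detector is an added example, not Tripwire's tool or any code from this release. The log lines are constructed (documentation IP ranges, combined log format) and the `SHELLSHOCK_RE` signature and field names are assumptions of this example.

```python
import re
from typing import Dict, List, Optional

# Constructed sample lines in Apache/nginx "combined" format (not taken from the page).
# Two carry the exported-function marker "() {" in a header value that a CGI gateway
# would export as an HTTP_* environment variable; the other two are benign, and the
# last one has "()" in the URL path to show the signature does not fire on that.
SAMPLE_LOG = """\
203.0.113.5 - - [29/Sep/2014:14:03:11 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; echo vulnerable"
198.51.100.7 - - [29/Sep/2014:14:03:12 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.5 - - [29/Sep/2014:14:03:13 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "() { ignored; }; echo vulnerable" "curl/7.37.0"
192.0.2.9 - - [29/Sep/2014:14:03:14 +0000] "GET /docs/functions() HTTP/1.1" 404 180 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [timestamp] "request" status size "referer" "user-agent"
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Vulnerable Bash versions treated any environment variable whose value begins with
# "() {" as a function definition and kept executing past the closing brace. The marker
# itself is the detection signature (assumed here); whitespace is tolerated because
# probes vary it.
SHELLSHOCK_RE = re.compile(r"\(\)\s*\{")

# Header-derived fields of the log entry; these are what CGI exports into the environment.
HEADER_FIELDS = ("referer", "ua")


def parse_combined(line: str) -> Optional[Dict[str, str]]:
    """Parse one combined-format line; return None for lines that do not match."""
    m = COMBINED_RE.match(line)
    return m.groupdict() if m else None


def flag_shellshock(entry: Dict[str, str]) -> List[str]:
    """Return the names of header fields in a parsed entry that carry the signature."""
    return [f for f in HEADER_FIELDS if SHELLSHOCK_RE.search(entry[f])]


def find_shellshock_attempts(log_text: str) -> List[Dict[str, str]]:
    """Scan a log and return one hit per (line, flagged field), with context for triage."""
    hits: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        entry = parse_combined(line)
        if entry is None:
            continue  # unparseable line: skip rather than crash the scan
        for field in flag_shellshock(entry):
            hits.append({
                "ip": entry["ip"],
                "ts": entry["ts"],
                "field": field,
                "value": entry[field],
                "request": entry["request"],
            })
    return hits


if __name__ == "__main__":
    for hit in find_shellshock_attempts(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} {hit["field"]}={hit["value"]!r} ({hit["request"]})')
```

A hit in the log means a probe reached the web server, not that the host was vulnerable; the response status and whether the target path is a CGI endpoint are what decide whether the host needs the authenticated check the release describes.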

Unix and Unix derivative operating systems are used in a wide variety of consumer and networking products, as well as many other devices found across the enterprise, including:

  • Tablets and smart phones.
  • VOIP equipment.
  • Badge sensors.
  • Firewalls, routers and switches.
  • Printers, 3D printers and scanners.
  • ‘Smart home’ appliances including HVAC controllers and other smart appliances.
  • Smart TVs, video projectors and cameras.
  • Smart meters for energy.
  • Industrial controllers.
  • Point of sale devices and handheld barcode scanners.
  • Wearable devices including Google Glass, smart watches and health monitors.

Since Shellshock can affect so many different devices, and because there are many applications that expose Bash, quickly finding and remediating this critical vulnerability across multiple machines can be a daunting task.

Tripwire SecureScan provides free vulnerability scanning for up to 100 IP addresses and includes comprehensive detection rules that discover Shellshock in a wide variety of devices. Tripwire SecureScan contains the same robust vulnerability checks included in Tripwire IP360, a vulnerability management solution used by the largest, most sensitive networks in the world.

“Despite Heartbleed, it is rare for a vulnerability to be both as extensive and severe as the Bash bug,” said Tim Erlin, director of IT security and risk strategy for Tripwire. “This vulnerability has been around for a very long time, making the discovery of all the vulnerable systems on an enterprise network very challenging. Bash itself isn’t directly surfaced on the network, so you need to check potentially vulnerable systems, including many devices that are difficult or impossible to patch.”

To sign up for a free license of SecureScan, please visit: https://www.tripwire.com/securescan/?home-banner.

Additional Resources:

  • Free detection tool
  • VERT Alert
  • U.S. CERT Alert
  • Blog post covering exploit scenarios

About Tripwire

Tripwire is a leading global provider of risk-based security and compliance management solutions, enabling enterprises, government agencies and service providers to effectively connect security to their business. Tripwire provides the broadest set of foundational security controls, including security configuration management, vulnerability management, file integrity monitoring, and log and event management. Tripwire solutions deliver unprecedented visibility, business context and security business intelligence, allowing extended enterprises to protect sensitive data from breaches, vulnerabilities and threats. Learn more at www.tripwire.com, get security news, trends and insights at http://www.tripwire.com/state-of-security/ or follow us on Twitter @TripwireInc.
