Today we are releasing new Deep Discovery rules to detect attacks attempting to exploit the recently exposed Shellshock (CVE-2014-6271 and CVE-2014-7169) vulnerability.
This vulnerability represents an important and widespread risk to organizations of all sizes. It is found in Bash, the dominant shell for Unix and Linux, and can also be found in Mac OS X, some Windows server deployments, and even Android. That means over 500 million web servers are affected, not to mention desktops, servers and other devices.
The vulnerability enables remote code injection of arbitrary commands without authentication, potentially allowing malicious code execution that could be used to take over an operating system, access confidential data, or set the stage for future attacks. With a NIST severity score of 10 (out of 10), it merits special attention. Unlike the recent Heartbleed vulnerability, it is even more prevalent and easily accessed, making it a much bigger risk to organizations.
Detection With Deep Discovery Inspector
Of course you’ll want to virtually patch and ultimately, permanently patch systems. But complete patching protection will take time. In the interim, Deep Discovery detects attempted exploits of this vulnerability on any system, anywhere on your network – alerting you to a potential system intrusion in real time.
If you are a Deep Discovery customer, your updated Deep Discovery detection rules are probably already operational. If not, they will be with your next scheduled auto-update.
If you’re not a Deep Discovery customer, Shellshock is yet another example of why you should deploy an advanced threat protection system, and why Deep Discovery Inspector should be at the top of your evaluation list. The unique 360-degree detection benefits include: