Shellshock is a set of vulnerabilities in the Bash shell used by a variety of operating systems including Linux and Mac OS X, as well as by numerous devices (servers, workstations, embedded systems, routers, machine tools, etc.)
Intrusion prevention systems of Stormshield Network Security protect your organisation proactively against remote exploitation of this flaw.
The security community is taking Shellshock very seriously, and believes that the vulnerability may be exploited by a range of malicious programs or computer worms. Given the number of vulnerable servers and devices connected to the Internet, worms could spread at an exponential rate. In this scenario, infected machines would, in turn, seek new victims in order to spread the range of the attack.
Even though technical research has shown that a very specific context is required in order for the vulnerability to be exploited, sensitive data could potentially be stolen from unprotected servers (web servers, file servers, etc.), and websites could be modified. In terms of more sophisticated attacks, it’s possible that infected servers could use other vulnerabilities in order to take control of the devices connected to them.
For more information about the vulnerability and its impact on our products, you can consult the security advisory here.