Attackers have wasted no time at all in exploiting the Shellshock Bash vulnerability.
In light of this, Gavin Millard, EMEA technical director at Tenable comments on how the recent exploitations are just the tip of the iceberg:
"It is of no surprise that we are starting to see hackers exploiting shell shock. A worm was quickly created yesterday to exploit systems as well as a proof of concept to take advantage of OS X machines acquiring an IP address with DHCP. Unless administrators are on top of ridding their systems of vulnerable versions of bash, attacks like we've seen in the last 24 hours are just the tip of a very ugly iceberg. It is of upmost importance that admins identify every system running bash and update them appropriately.
"With the ease of exploit and proof of concept code out there, anyone with only a basic understanding of shell scripting can attack systems."
In addition, Rich Walchuck, Tenable's director of engineering, offers advice to organisations wishing to determine if they are vulnerable:
"The key focus is that the attacker has to have a remote interface that will call bash to exploit the vulnerability. The bigger concern is that in the Unix world, that includes a lot of services. While Windows-based systems do not include bash by default, they may have an add-on bash (Cygwin, win-bash) program that can possibly be exploited. Remember, the vulnerability is in the underlying shell, so it may be on any operating system that can run the shell.
"CVE-2014-6271, which is commonly being referred to as “Shellshock”, allows a variety of remote attacks, mainly through Linux web servers that run CGI scripts. However, popular services such as Secure Shell (SSH) and even internal network protocols that run on Unix-based systems, such as DHCP servers, may be vulnerable. Shellshock also allows a variety of privilege escalation attacks where a non-administrator Unix user could cause commands to be run as root."