Impact of Shellshock Bash Bug on Cloud Computing

A considerable impact of Shellshock Bash Bug on the Cloud Computing Service providers has been seen. Here are the technical details. Shellshock is the name of the dangerous bug that plagues the Bash shell, the utility which is widely used in all UNIX, Unix-Like systems in clouding our Mac (OS X). Those who do not have idea about UNIX Shell can read this article.

And the news regarding the discovery of a new and dangerous bug in the Bash shell utility widely used was assumed to be more devastating than Heartbleed, because of the number of devices uses software-based bash scripts : in addition to server and also PC firewalls, routers, and many others uses it.

Impact of Shellshock Bash Bug on Cloud Computing : Basics

As discovered by Red Hat who promptly released the security updates for Red Hat Enterprise and Fedora; Debian and Ubuntu also released the security update, the bug would have been present for some time (even in enterprise Linux, which could make it difficult to fix the bug) and allow very easy to execute malicious code on vulnerable systems : in fact using any software that relies on the Bash shell, it takes only three lines of code to gain access to “a wide selection” of attacks. To recall, Shellshock is also interesting for (Mac) OS X. Apple Inc. officially commented that most Mac users were likely not affected, unless they are advanced users. So we are warning our regular readers as we use iTerm2, ZSH and Homebrew. Apple released an update for Safari 7.1.

Red Hat researcher Florian Weimer found two more bugs, CVE-2014-7186 and CVE-2014-7187

The discovery was made ‹‹public on September 24, 2014. NIST evaluation of damage potential against Shellshock receives a rating of 10, the maximum. A patch was released on the day. However, within a few hours later, it also exposed issues. This second problem has also been given by NIST a CVE number. Shortly afterwards, the developers of Linux distributions Redhat, found two more faults. The first is a faulty access, the second occurs with nested loops. Micheal Zalewski discovered an additional error.

Impact of Shellshock Bash Bug on Cloud Computing : The Global Impact

Cloud Computing giants immediately released patches. Rackspace, the cornerstone of OpenStack made the issues public on status page :

Almost all Cloud Service providers provided immediate help for their customers. Google, Amazon, Digital Ocean – all IaaS vendors opened special webpages to help the users. Governments, such as those of the U.K. and U.S., are trying to mitigate the problem, which leaves many of their systems vulnerable. Globally, it affected a huge number of peoples behind the servers, with some loss in traffic conversion for migration and reboot process.