Unix still struggles with ‘Shellshock’ aftermath

Although specialists and software companies have been working to patch the "Shellshock" hole that makes Unix-based systems vulnerable to "Bash" attacks, the problem still persists, and it might even be more severe than previously thought.

According to The Security Factory, this bug, which has previously been noticed to affect both Unix and Mac OS, could also pose a threat to Windows users as well. Their demonstration shows the especially sneaky way that this flaw works: Hackers could theoretically exploit a vulnerable file server, however much time and effort this might take.

To counter this, the Factory argues that all an administrator needs to do is tweak the code slightly to potentially cause havoc. Despite this, Microsoft said in a statement to the source that it would not be releasing an official bulletin warning about this vulnerability.

"The fix is as simple as the exploit. Look through the code and identify where the assignment of %CD% is done and ensure you have put quotes around any instance of %CD%," the source said. "So, replace this with something like Set CurrentPath="%CD%" (note the quotes around %CD%). That's it."

Despite the patches that have been released for this program, some users did attempt to attack computers through this fault. Thousands of systems were potentially endangered by this bug last month and Red Hat has created a test to determine whether or not a system is vulnerable, as well as which responses to expect back from the test when it is run.

Implementing a mainframe modernization solution allows for unified access, in case a fix needs to be implemented like this.