ShellShock Vulnerability for perfSONAR Deployments

Multiple vulnerabilities allowing unauthenticated remote users to run arbitrary code with the privileges of the user that runs Bash scripts was found in Bourne Again Shell (Bash). This has been called the 'shellshock vulnerability (CVE-2014-6271) and has been widely publicized.

It was discovered that attackers have taken advantage of this vulnerability to compromise a significant number of perfSONAR instances in the high energy physics community. Security teams are actively investigating with the identified victims.

Attackers continue to aggressively use the Bash vulnerability to attack perfSONAR instances.

The security teams, as well as WLCG Operations, highly recommend that all sites terminate their perfSONAR instances as a precautionary measure, until the attacks are contained. Easiest option is to just power-off your perfSONAR nodes.

(Unless you have patched the Bash packages on your perfSONAR by Friday 26 Sep and have sufficient expertise to ensure your host has not been compromised.)

Please do not hesitate to contact your local or infrastructure security team in case of questions:

Further details will be provided here shortly.

Indicators of a Compromised System

To be filled in shortly

Remediation

To be filled in shortly

-- The WLCG Network and Transfer Metrics WG - 29 Sep 2014

Edit | Attach | Watch | Print version | History: r6 | r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions...
Topic revision: r2 - 2014-09-29 - ShawnMcKee
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    LCG All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback