Backdoor:Linux/Shellshock.A identifies files that attempt to exploit the CVE-2014-6271 vulnerability reported in Bash software. If successfully exploited, this vulnerability could allow remote attackers to execute code on the affected system. This vulnerability affects Unix-based operating systems, including Linux and Mac OS X.
F-Secure security products detect files that attempt to exploit the CVE-2014-6271 vulnerability. To prevent exploitation of such vulnerabilities, please refer to the application vendor for the latest updates and additional advice.
A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:
Check for the latest database updates
First check if your F-Secure security program is using the latest detection database updates, then try scanning the file again.
Submit a sample
After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.
NOTE If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.
Exclude a file from further scanning
If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.
Note You need administrative rights to change the settings.
Bash is a popular command-line shell program that allows users to use text commands to issue instructions to an operating system, such as launching or modifying programs. Bash is used in a wide range of commercial and home systems, for a variety of purposes.
The CVE-2014-6271 vulnerability publicly announced on 24 Sept 2014 can, if successfully exploited, allow remote attackers to execute code on the affected system; in the worst case scenario, a remote attacker would be able to take full control of the system.
Additionally, a patch subsequently issued by RedHat attempting to close the CVE-2014-6271 vulnerability was found to be incomplete; this separate issue is tracked using the identifier CVE-2014-7169.
Users are strongly encouraged to check systems under their administration to determine if they are affected by this vulnerability, and where necessary, to update affected systems with the latest security patches from the respective application or system vendors.
For further details of the Shellshock vulnerability: