Backdoor:Linux/Shellshock.A

Classification

Malware

Backdoor

Linux

Shellshock, Exploit:Linux/CVE-2014-6271.A

Summary

Backdoor:Linux/Shellshock.A identifies files that attempt to exploit the CVE-2014-6271 vulnerability reported in Bash software. If successfully exploited, this vulnerability could allow remote attackers to execute code on the affected system. This vulnerability affects Unix-based operating systems, including Linux and Mac OS X.

Removal

F-Secure security products detect files that attempt to exploit the CVE-2014-6271 vulnerability. To prevent exploitation of such vulnerabilities, please refer to the application vendor for the latest updates and additional advice.

Suspect a file is incorrectly detected (a False Positive)?

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest detection database updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    NOTE If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note You need administrative rights to change the settings.

Find out more

Knowledge Base

Find the latest advice in our Community Knowledge Base.

User Guide

See the user guide for your product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

Bash is a popular command-line shell program that allows users to use text commands to issue instructions to an operating system, such as launching or modifying programs. Bash is used in a wide range of commercial and home systems, for a variety of purposes.

The CVE-2014-6271 vulnerability publicly announced on 24 Sept 2014 can, if successfully exploited, allow remote attackers to execute code on the affected system; in the worst case scenario, a remote attacker would be able to take full control of the system.

Additionally, a patch subsequently issued by RedHat attempting to close the CVE-2014-6271 vulnerability was found to be incomplete; this separate issue is tracked using the identifier CVE-2014-7169.

Users are strongly encouraged to check systems under their administration to determine if they are affected by this vulnerability, and where necessary, to update affected systems with the latest security patches from the respective application or system vendors.

For further details of the Shellshock vulnerability: