Qualys has released a tool to help detect the Bash/Shellshock vulnerability.
The vulnerability check has been added to its Freescan technology, allowing any organisation to verify the security of an internet-facing server. The company also said that Qualys customers can detect the flaw by scanning with the Qualys Vulnerability Management (VM) cloud service as QIDs 122693 and 13038, so users can get reports detailing their enterprise-wide exposure whenever they next scan their assets.
Wolfgang Kandek, chief technical officer for Qualys, said: “Bash allows attackers to specify arbitrary commands to execute by formatting an environment variable in a specific way. Given that the flaw has been around for more than ten years, almost all Linux and UNIX machines running will be vulnerable and this could have a bigger impact than Heartbleed which we saw earlier this year.”
Last night Apple released patches for the Lion, Mountain Lion and Mavericks versions of its OS X operating system, and these are now available as a software update.