312-50V10 · Question #170
ShellShock had the potential for an unauthorized user to gain access to a server. It affected many internet- facing services, which OS did it not directly affect?
The correct answer is C. OS X. ShellShock (CVE-2014-6271) exploited a flaw in GNU Bash; operating systems that do not rely on Bash for internet-facing services were not directly impacted in the same way as Linux and Unix servers.
Question
ShellShock had the potential for an unauthorized user to gain access to a server. It affected many internet- facing services, which OS did it not directly affect?
Options
- AWindows
- BLinux
- COS X
- DUnix
How the community answered
(45 responses)- A4% (2)
- B2% (1)
- C93% (42)
Why each option
ShellShock (CVE-2014-6271) exploited a flaw in GNU Bash; operating systems that do not rely on Bash for internet-facing services were not directly impacted in the same way as Linux and Unix servers.
Although Windows does not include Bash natively and was not directly affected either, the question focuses on distinguishing OS X from the Unix-family systems that were primary targets, not on Windows.
Linux was one of the most severely and directly impacted operating systems because Bash is its default shell and is commonly invoked by CGI scripts and network-facing daemons.
OS X ships with an older, separately licensed version of Bash (3.2) and is primarily a consumer desktop OS rather than a publicly exposed server platform, so ShellShock did not directly affect OS X in the way it affected Linux and Unix server deployments. While Apple released patches, OS X was not a primary attack vector because it was rarely configured to invoke Bash through internet-facing CGI or network services.
Unix systems use Bash or Bash-compatible shells extensively in server environments and were directly vulnerable to ShellShock exploitation through the same CGI and network service vectors.
Concept tested: ShellShock vulnerability scope across operating systems
Source: https://nvd.nist.gov/vuln/detail/CVE-2014-6271
Topics
Community Discussion
No community discussion yet for this question.