nerdexam
EC-Council

312-50V10 · Question #170

ShellShock had the potential for an unauthorized user to gain access to a server. It affected many internet- facing services, which OS did it not directly affect?

The correct answer is C. OS X. ShellShock (CVE-2014-6271) exploited a flaw in GNU Bash; operating systems that do not rely on Bash for internet-facing services were not directly impacted in the same way as Linux and Unix servers.

Vulnerability Analysis

Question

ShellShock had the potential for an unauthorized user to gain access to a server. It affected many internet- facing services, which OS did it not directly affect?

Options

  • AWindows
  • BLinux
  • COS X
  • DUnix

How the community answered

(45 responses)
  • A
    4% (2)
  • B
    2% (1)
  • C
    93% (42)

Why each option

ShellShock (CVE-2014-6271) exploited a flaw in GNU Bash; operating systems that do not rely on Bash for internet-facing services were not directly impacted in the same way as Linux and Unix servers.

AWindows

Although Windows does not include Bash natively and was not directly affected either, the question focuses on distinguishing OS X from the Unix-family systems that were primary targets, not on Windows.

BLinux

Linux was one of the most severely and directly impacted operating systems because Bash is its default shell and is commonly invoked by CGI scripts and network-facing daemons.

COS XCorrect

OS X ships with an older, separately licensed version of Bash (3.2) and is primarily a consumer desktop OS rather than a publicly exposed server platform, so ShellShock did not directly affect OS X in the way it affected Linux and Unix server deployments. While Apple released patches, OS X was not a primary attack vector because it was rarely configured to invoke Bash through internet-facing CGI or network services.

DUnix

Unix systems use Bash or Bash-compatible shells extensively in server environments and were directly vulnerable to ShellShock exploitation through the same CGI and network service vectors.

Concept tested: ShellShock vulnerability scope across operating systems

Source: https://nvd.nist.gov/vuln/detail/CVE-2014-6271

Topics

#ShellShock#bash vulnerability#OS platform#CVE

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice