312-50V10 · Question #31
Shellshock allowed an unauthorized user to gain access to a server. It affected many Internet- facing services, which OS did it not directly affect?
The correct answer is D. Windows. Shellshock (CVE-2014-6271) exploited a flaw in the GNU Bash shell, which is native to Unix-like systems. Windows does not ship with Bash and was therefore not directly vulnerable.
Question
Shellshock allowed an unauthorized user to gain access to a server. It affected many Internet- facing services, which OS did it not directly affect?
Options
- ALinux
- BUnix
- COS X
- DWindows
How the community answered
(48 responses)- A2% (1)
- B2% (1)
- C4% (2)
- D92% (44)
Why each option
Shellshock (CVE-2014-6271) exploited a flaw in the GNU Bash shell, which is native to Unix-like systems. Windows does not ship with Bash and was therefore not directly vulnerable.
Linux distributions ship with GNU Bash and were a primary target of Shellshock exploitation.
Unix systems use Bash or Bash-compatible shells and were directly affected by the vulnerability.
OS X (macOS) included GNU Bash as its default shell at the time and was directly vulnerable.
Shellshock targeted a parsing vulnerability in GNU Bash where specially crafted environment variables could execute arbitrary commands. Windows uses cmd.exe and PowerShell rather than Bash, so the vulnerability had no direct attack surface on Windows systems. Linux, Unix, and OS X all shipped with Bash and were directly exposed.
Concept tested: Shellshock Bash vulnerability affected platforms
Source: https://nvd.nist.gov/vuln/detail/CVE-2014-6271
Topics
Community Discussion
No community discussion yet for this question.