nerdexam
EC-Council

312-50V10 · Question #31

Shellshock allowed an unauthorized user to gain access to a server. It affected many Internet- facing services, which OS did it not directly affect?

The correct answer is D. Windows. Shellshock (CVE-2014-6271) exploited a flaw in the GNU Bash shell, which is native to Unix-like systems. Windows does not ship with Bash and was therefore not directly vulnerable.

System Hacking

Question

Shellshock allowed an unauthorized user to gain access to a server. It affected many Internet- facing services, which OS did it not directly affect?

Options

  • ALinux
  • BUnix
  • COS X
  • DWindows

How the community answered

(48 responses)
  • A
    2% (1)
  • B
    2% (1)
  • C
    4% (2)
  • D
    92% (44)

Why each option

Shellshock (CVE-2014-6271) exploited a flaw in the GNU Bash shell, which is native to Unix-like systems. Windows does not ship with Bash and was therefore not directly vulnerable.

ALinux

Linux distributions ship with GNU Bash and were a primary target of Shellshock exploitation.

BUnix

Unix systems use Bash or Bash-compatible shells and were directly affected by the vulnerability.

COS X

OS X (macOS) included GNU Bash as its default shell at the time and was directly vulnerable.

DWindowsCorrect

Shellshock targeted a parsing vulnerability in GNU Bash where specially crafted environment variables could execute arbitrary commands. Windows uses cmd.exe and PowerShell rather than Bash, so the vulnerability had no direct attack surface on Windows systems. Linux, Unix, and OS X all shipped with Bash and were directly exposed.

Concept tested: Shellshock Bash vulnerability affected platforms

Source: https://nvd.nist.gov/vuln/detail/CVE-2014-6271

Topics

#Shellshock#bash vulnerability#OS impact#CVE

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice