312-50V10 · Question #522
Which of the following is a vulnerability in GNU's bash shell (discovered in September of 2014) that gives attackers access to run remote commands on a vulnerable system?
The correct answer is A. Shellshock. Shellshock (CVE-2014-6271) is a critical vulnerability in GNU Bash discovered in September 2014 that allowed attackers to execute arbitrary remote commands.
Question
Which of the following is a vulnerability in GNU's bash shell (discovered in September of 2014) that gives attackers access to run remote commands on a vulnerable system?
Options
- AShellshock
- BRootshell
- CRootshock
- DShellbash
How the community answered
(36 responses)- A89% (32)
- B3% (1)
- C3% (1)
- D6% (2)
Why each option
Shellshock (CVE-2014-6271) is a critical vulnerability in GNU Bash discovered in September 2014 that allowed attackers to execute arbitrary remote commands.
Shellshock exploited the way Bash processed specially crafted environment variables, allowing attackers to append shell commands after function definitions that Bash would then execute. It affected web servers, DHCP clients, and any service passing environment variables to Bash, enabling unauthenticated remote code execution at scale.
Rootshell is not a recognized vulnerability name - it is a fabricated distractor.
Rootshock is not a recognized vulnerability name - it is a fabricated distractor.
Shellbash is not a recognized vulnerability name - it is a fabricated distractor.
Concept tested: Shellshock Bash vulnerability CVE-2014-6271
Source: https://nvd.nist.gov/vuln/detail/CVE-2014-6271
Topics
Community Discussion
No community discussion yet for this question.