nerdexam
EC-Council

312-50V10 · Question #522

Which of the following is a vulnerability in GNU's bash shell (discovered in September of 2014) that gives attackers access to run remote commands on a vulnerable system?

The correct answer is A. Shellshock. Shellshock (CVE-2014-6271) is a critical vulnerability in GNU Bash discovered in September 2014 that allowed attackers to execute arbitrary remote commands.

Vulnerability Analysis

Question

Which of the following is a vulnerability in GNU's bash shell (discovered in September of 2014) that gives attackers access to run remote commands on a vulnerable system?

Options

  • AShellshock
  • BRootshell
  • CRootshock
  • DShellbash

How the community answered

(36 responses)
  • A
    89% (32)
  • B
    3% (1)
  • C
    3% (1)
  • D
    6% (2)

Why each option

Shellshock (CVE-2014-6271) is a critical vulnerability in GNU Bash discovered in September 2014 that allowed attackers to execute arbitrary remote commands.

AShellshockCorrect

Shellshock exploited the way Bash processed specially crafted environment variables, allowing attackers to append shell commands after function definitions that Bash would then execute. It affected web servers, DHCP clients, and any service passing environment variables to Bash, enabling unauthenticated remote code execution at scale.

BRootshell

Rootshell is not a recognized vulnerability name - it is a fabricated distractor.

CRootshock

Rootshock is not a recognized vulnerability name - it is a fabricated distractor.

DShellbash

Shellbash is not a recognized vulnerability name - it is a fabricated distractor.

Concept tested: Shellshock Bash vulnerability CVE-2014-6271

Source: https://nvd.nist.gov/vuln/detail/CVE-2014-6271

Topics

#Shellshock#bash vulnerability#remote code execution#CVE-2014

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice