312-50V11 · Question #522
Which of the following is a vulnerability in GNU's bash shell (discovered in September of 2014) that gives attackers access to run remote commands on a vulnerable system?
The correct answer is A. Shellshock. Shellshock (CVE-2014-6271) is a critical vulnerability in the GNU Bash shell discovered in September 2014 that allows attackers to execute arbitrary remote commands by appending malicious code to environment variable definitions.
Question
Which of the following is a vulnerability in GNU's bash shell (discovered in September of 2014) that gives attackers access to run remote commands on a vulnerable system?
Options
- AShellshock
- BRootshell
- CRootshock
- DShellbash
How the community answered
(52 responses)- A87% (45)
- B2% (1)
- C4% (2)
- D8% (4)
Why each option
Shellshock (CVE-2014-6271) is a critical vulnerability in the GNU Bash shell discovered in September 2014 that allows attackers to execute arbitrary remote commands by appending malicious code to environment variable definitions.
Shellshock exploits a flaw in how Bash processes function definitions stored in environment variables, allowing extra commands appended after the function definition to be executed automatically. Because Bash is invoked by many services such as CGI scripts and DHCP clients, remote attackers could trigger code execution without authentication. It was publicly disclosed on September 24, 2014 and assigned CVE-2014-6271.
Rootshell is not the name of any documented or recognized CVE vulnerability - it is a fabricated term not associated with any known GNU Bash exploit.
Rootshock is likewise a fabricated term and does not correspond to any real vulnerability name or CVE entry.
Shellbash is a fabricated term and does not refer to any documented vulnerability affecting the GNU Bash shell or any other system.
Concept tested: Shellshock GNU Bash remote code execution vulnerability
Source: https://nvd.nist.gov/vuln/detail/CVE-2014-6271
Topics
Community Discussion
No community discussion yet for this question.