nerdexam
EC-Council

312-50V11 · Question #522

Which of the following is a vulnerability in GNU's bash shell (discovered in September of 2014) that gives attackers access to run remote commands on a vulnerable system?

The correct answer is A. Shellshock. Shellshock (CVE-2014-6271) is a critical vulnerability in the GNU Bash shell discovered in September 2014 that allows attackers to execute arbitrary remote commands by appending malicious code to environment variable definitions.

Vulnerability Analysis

Question

Which of the following is a vulnerability in GNU's bash shell (discovered in September of 2014) that gives attackers access to run remote commands on a vulnerable system?

Options

  • AShellshock
  • BRootshell
  • CRootshock
  • DShellbash

How the community answered

(52 responses)
  • A
    87% (45)
  • B
    2% (1)
  • C
    4% (2)
  • D
    8% (4)

Why each option

Shellshock (CVE-2014-6271) is a critical vulnerability in the GNU Bash shell discovered in September 2014 that allows attackers to execute arbitrary remote commands by appending malicious code to environment variable definitions.

AShellshockCorrect

Shellshock exploits a flaw in how Bash processes function definitions stored in environment variables, allowing extra commands appended after the function definition to be executed automatically. Because Bash is invoked by many services such as CGI scripts and DHCP clients, remote attackers could trigger code execution without authentication. It was publicly disclosed on September 24, 2014 and assigned CVE-2014-6271.

BRootshell

Rootshell is not the name of any documented or recognized CVE vulnerability - it is a fabricated term not associated with any known GNU Bash exploit.

CRootshock

Rootshock is likewise a fabricated term and does not correspond to any real vulnerability name or CVE entry.

DShellbash

Shellbash is a fabricated term and does not refer to any documented vulnerability affecting the GNU Bash shell or any other system.

Concept tested: Shellshock GNU Bash remote code execution vulnerability

Source: https://nvd.nist.gov/vuln/detail/CVE-2014-6271

Topics

#Shellshock#bash vulnerability#remote code execution#CVE-2014-6271

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice