nerdexam
Exams312-50V9Questions#392
EC-Council

312-50V9 · Question #392

312-50V9 Question #392: Real Exam Question with Answer & Explanation

The correct answer is A: Shellshock. Shellshock (CVE-2014-6271) is a critical bash vulnerability discovered in September 2014 that allowed attackers to execute arbitrary remote commands by appending malicious code to environment variables.

Question

Which of the following is a vulnerability in GNU's bash shell (discovered in September of 2014) that gives attackers access to run remote commands on a vulnerable system?

Options

  • AShellshock
  • BRootshell
  • CRootshock
  • DShellbash

Explanation

Shellshock (CVE-2014-6271) is a critical bash vulnerability discovered in September 2014 that allowed attackers to execute arbitrary remote commands by appending malicious code to environment variables.

Common mistakes.

  • B. Rootshell is not a recognized CVE or named vulnerability - it does not correspond to any documented bash exploit.
  • C. Rootshock is a fabricated term combining elements of real vulnerability names but does not refer to any actual documented vulnerability.
  • D. Shellbash is not a recognized vulnerability name and has no association with the 2014 GNU bash disclosure.

Concept tested. Shellshock bash vulnerability CVE-2014-6271

Reference. https://nvd.nist.gov/vuln/detail/CVE-2014-6271

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 312-50V9 Practice