Bash Code Injection (Shellshock) CVE-2014-6271
Bash, a very popular software program on Linux, has a remarkable security weakness. If attackers […]
Bash, a very popular software program on Linux, has a remarkable security weakness. If attackers can have bash invoked in a particular way (i.e., by controlling the bash environment variable), they can inject arbitrary code and gain carte-blanche access to systems. The vulnerability, which has come to be known as the Shellshock vulnerability, has a Common Vulnerabilities and Exposures number of CVE-2014-6271. Given the level of access afforded to the attacker and the relative simplicity of implementing the exploit, this vulnerability potentially has far more severe ramifications than the Heartbleed bug discovered earlier this year. In this video, Elastica Team describes the vulnerability at a high level.