Shellshock or Bashdoor is a security bug found in Unix Bash shell. It is a critical flaw which has been discovered on 24 September 2014 by Akamai Technologies security researcher Stephane Chazelas. “Many Internet daemons, such as web servers, use Bash to process certain commands, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands. This can allow an attacker to gain unauthorized access to a computer system” (Wikipedia, 2014). Targeted system must have a script or application which attempts to call Bash in order for the attack to succeed.
Common Vulnerabilities and Exposures database (CVE)
The flaw was originally assigned CVE-2014-6271, but it was later discovered that the patch had an issue in the parser and did not fully address the problem. MITRE later assigned CVE-2014-7169 and CVE-2014-6277, 4.3 CVE-2014-6278, 4.4 CVE-2014-7169
4.5 CVE-2014-7186, and 4.6 CVE-2014-7187 to cover the remaining problems after the application of the first patch. (Wikipedia, 2014).
CVSS Severity (version 2.0):
CVSS v2 Base Score: 10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C) (legend)
Impact Subscore: 10.0
Exploitability Subscore: 10.0
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit Continue reading #Shellshock bug – critical vulnerability in the Bash Unix command-line interpreter