Shellshock

Last updated Aug 20, 2022 Edit Source

• Cs security

Shellshock is a vulnerability with code CVE-2014-6271. The bug occurs because bash processes trailing strings after function definitions in the values of environment variables. This allows an attacker to overwrite a binary that the bash script is calling with a function and run arbitrary code.

1

env x='() { :;}; echo vulnerable' bash -c 'echo hello'