Shellshock Exploit

Shellshock is a privilege escalation vulnerability which offers a way for users of a system to execute commands that should be unavailable to them. This happens through Bash's "function export" feature, whereby command scripts created in one running instance of Bash can be shared with subordinate instances. This feature is implemented by encoding the scripts within a table that is shared between the instances, known as the environment variable list. Each new instance of Bash scans this table for encoded scripts assembles each one into a command that defines that script in the new instance, and executes that command. The new instance assumes that the scripts found in the list come from another instance, but it cannot verify this, nor can it verify that the command that it has built is a properly formed script definition. Therefore, an attacker can execute arbitrary commands on the system or exploit other bugs that may exist in Bash's command interpreter, if the attacker has a way to manipulate the environment variable list and then cause Bash to run.

Also available on

Lightweight Sweatshirt

Premium Oversized Hoodie

Premium Oversized Sweatshirt

~~$7.99~~ (15% off)

Samsung Galaxy Snap Case

~~$2.88~~ (20% off)

Looking for something different?

Search below.

Related Tags

Clocks Tags

This section provides a collection of tags that relate to the Clock on this page. These tags each link to a search for the Clocks that relate to the tag.