Shellshock

lore

securityprogramming

A 2014 family of Bash vulnerabilities that let attackers run commands through crafted environment variables.

Bash mistakenly executed code trailing a function definition passed in an environment variable, and because web servers and other services set such variables from user input, this became remote code execution. Bash is so pervasive across Unix systems that the exposure was enormous.

Also known as: Shellshock, Bashdoor, CVE-2014-6271

Sources

  • CVE-2014-6271 (2014)

All glossary entries