Apache-Shellshock(Bash)

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka ShellShock.

  • Affects the Bash shell since v1.3

  • Bash mistakenly executes trailing commands that follow a specific series of characters (a function definition) in the value of an environment variable

  • Apache web servers that run CGI or .sh scripts are also vulnerable

🗒️ Bash - *nix shell that is part of the GNU project and the default shell for most Linux distros.

🗒️ CGI (Common Gateway Interface) - Apache executes arbitrary commands on the Linux system, and the output is displayed on the web server.

ShellShock Exploitation

  1. Locate a script or input vector (legitimate Apache CGI scripts) to communicate with Bash

  2. Input special characters within the HTTP headers (e.g. user-agent)

  3. When CGI is executed, the web server will run it with Bash in a new process
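
Seen from the defender's side, steps 2 and 3 leave a trace: the header values that reach Bash as environment variables also appear in the access log, so a function-definition prefix in a logged header is what to hunt for. The scanner below is an added example, not part of the original notes; the log lines are constructed, and the Apache combined log format, the CGI path rule and the whitespace-tolerant pattern are assumptions of this sketch.

```python
import re

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
QUOTED = r'(?:[^"\\]|\\.)*'  # Apache writes embedded quotes as \"
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>' + QUOTED + r')" '
    r'\d{3} \S+ "(?P<referer>' + QUOTED + r')" "(?P<agent>' + QUOTED + r')"$'
)
# Function-definition prefix that Bash parses in environment variable values.
# Whitespace-tolerant on purpose (assumption: over-matching is acceptable for triage).
FUNC_DEF = re.compile(r'\(\s*\)\s*\{')
# Assumed rule for "this request reached a CGI or .sh script".
CGI_PATH = re.compile(r'^/cgi-bin/|\.(?:cgi|sh)$')

# Constructed sample lines: documentation IP ranges, harmless echo as the trailing string.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2014:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [01/Oct/2014:10:00:05 +0000] "GET /cgi-bin/status.sh HTTP/1.1" 200 87 "-" "() { :; }; echo constructed-marker"',
    '203.0.113.4 - - [01/Oct/2014:10:00:09 +0000] "GET /about.html HTTP/1.1" 200 1024 "() { :;}; echo constructed-marker" "curl/7.38.0"',
    '192.0.2.44 - - [01/Oct/2014:10:00:12 +0000] "GET /cgi-bin/status.sh HTTP/1.1" 200 87 "-" "ExampleBot/1.0 (+http://example.invalid/bot())"',
]


def scan(lines):
    """Return one finding per log line whose request, Referer or User-Agent carries the prefix."""
    findings = []
    for number, line in enumerate(lines, 1):
        m = COMBINED.match(line)
        if not m:
            continue  # not combined format: skip rather than guess at field boundaries
        fields = [f for f in ("request", "referer", "agent") if FUNC_DEF.search(m[f])]
        if not fields:
            continue
        parts = m["request"].split()
        path = parts[1].split("?")[0] if len(parts) > 1 else ""
        findings.append({
            "line": number,
            "host": m["host"],
            "fields": fields,
            # A hit on a CGI path is the case where Bash may actually have run.
            "cgi": bool(CGI_PATH.search(path)),
        })
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The combined format records only the request line, Referer and User-Agent, so a value sent in any other header is invisible to this scan unless the log format is extended to capture it.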
