Contents
When was shellshock patched?
24 September 2014
This article’s lead section may be too long for the length of the article.
A simple Shellshock logo, similar to the Heartbleed bug logo. | |
---|---|
CVE identifier(s) | CVE-2014-6271 (initial), CVE- 2014-6277, CVE- 2014-6278, CVE- 2014-7169, CVE- 2014-7186, CVE- 2014-7187 |
Date discovered | 12 September 2014 |
Date patched | 24 September 2014 |
When was Shellshock exploit discovered?
2014
Shellshock is a critical vulnerability due to the escalated privileges afforded to attackers, which allow them to compromise systems at will. Although the ShellShock vulnerability, CVE-2014-6271, was discovered in 2014, it is known to still exist on a large number of servers in the world.
What is shell shock in Linux?
Shellshock is a serious security bug in Bash, a “shell” commonly used in computers running Linux, UNIX and OS X. Shellshock could allow an attacker to execute malicious commands across the Internet on remote computers. Many web-facing servers run Linux and use Bash, so it is a widespread problem that needs fixing.
What shellshock means?
post-traumatic stress disorder
: post-traumatic stress disorder occurring under wartime conditions (as combat) that cause intense stress : battle fatigue, combat fatigue In the receiving ward he found a patient shivering on his bunk with a diagnosis—in this case accurate—of severe shell shock.—
When was the Shellshock bug announced to the public?
Working with security experts, he developed a patch (fix) for the issue, which by then had been assigned the vulnerability identifier CVE – 2014-6271. The existence of the bug was announced to the public on 2014-09-24, when Bash updates with the fix were ready for distribution.
Is there a bug for CVE 2014-7169?
A system patched for both CVE-2014-6271 and CVE-2014-7169 will simply echo the word “date” and the file “echo” will not be created, as shown below:
Where is the Shellshock remote code execution vulnerability found?
It gained so much popularity from the fact that the vulnerability is found in Unix Bash shell, which can be found on almost every Unix / Linux based web server, server and network device. What is the Shellshock Remote Code Execution Vulnerability?
Who is the author of the Shellshock vulnerability?
The shellshock vulnerability, discovered by Stephane Chazelas was assigned the CVE identifier CVE-2014-6271. A similar bug with identical consequences was discovered by Tavis Ormandy and was assigned the CVE identifier CVE-2014-7169.