Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue. This vulnerability exploits bash functionality that evaluates specially formatted environment variables passed to it from another environment.Īn attacker could use this feature to override or bypass restrictions to the environment to execute shell commands before restrictions have been applied. ShellShock Bash Bug left countless websites, servers, PCs, OS X Macs, various home routers, and many more open to the cyber criminals for Injection attack vulnerabilites by altering special environment variables. Bash has a feature where users can set “environment variables” and retrieve them later. It’s a computer program that allows users to type commands and executes them. Shellshock Bash Bug in Linux, Unix, Mac OS X Tutorial : A Critical remotely exploitable vulnerability has been discovered in the widely used Linux and Unix command-line shell, known as Bash, Bash stands for Bourne-Again SHell.
