Report on the Shellshock Vulnerability: Impact and Exploitation


Added on  2020/05/11

AI Summary
This report provides an overview of the Shellshock vulnerability, a critical security flaw affecting Linux and Unix systems, including macOS. The vulnerability impacts the bash shell, used to interpret commands. The report details the vulnerability's potential for exploitation, particularly through web servers using the Common Gateway Interface (CGI). Attackers can inject malicious commands via malformed environment variables. The report highlights the mechanisms of exploitation and emphasizes the need for security measures to mitigate the risks. References to relevant research papers are also provided to support the analysis.
Shellshock vulnerability
Description
This vulnerability affects most versions of the Linux and Unix operating systems, as well as
Macintosh OS X (Mary, 2015). It affects Bash, a common component known as a shell that appears
in many versions of Unix and Linux (Mary, 2015). Bash acts as a command language interpreter:
it lets users type commands into a text-based window, which the operating system then runs.
Symantec regards this vulnerability as extremely dangerous because Bash is used extensively on
Linux and Unix operating systems running on Internet-connected computers, such as web servers
(Casula, 2014).
Has it been exploited?
There have been few reports of the vulnerability being exploited by attackers in the wild.
Nevertheless, proof-of-concept scripts have already been developed by security analysts
(Mary, 2015). In addition, modules have been created for the Metasploit Framework, which is
used for penetration testing.
How it is exploited
This vulnerability can only be exploited by a remote attacker in certain circumstances. For an
attack to succeed, the attacker must force an application to pass a malicious environment
variable to Bash (Delamore and Ko, 2015). The most likely route of attack is through web servers
that use the Common Gateway Interface (CGI), a widely used system for generating dynamic web
content (Huang, Liu, Fang and Zuo, 2016). An attacker could use CGI to send a malformed
environment variable to a vulnerable server. Because the server uses Bash to interpret the
variable, it will also run any malicious command that is tacked on to it.
Figure 1: The diagram shows how a malicious command can be tacked on to the end of a
legitimate environment variable.
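Defenders can look for this pattern in web server access logs. The following is an added example, not part of the original report: it scans constructed log lines for header values that begin with `() {`, the prefix that vulnerable versions of Bash interpreted as a function definition. The combined log format, the sample lines and the function name are assumptions of the example.

```python
import re

# Vulnerable Bash treated an environment value as a function definition only
# when it began with the four characters "() {". CGI copies request headers
# into the environment (User-Agent becomes HTTP_USER_AGENT), so a header
# value with that prefix is the thing to look for.
FUNC_PREFIX = re.compile(r"\(\) \{")

# Apache/nginx "combined" format; quoted fields may contain \" escapes.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LOG_LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] ' + QUOTED + r' \d{3} \S+ ' + QUOTED + ' ' + QUOTED + r'$'
)

# Constructed sample input (documentation IP ranges, inert "echo" payload).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Sep/2014:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [25/Sep/2014:10:00:05 +0000] "GET /cgi-bin/status HTTP/1.1" 200 64 "-" "() { :; }; echo CONSTRUCTED"',
    '203.0.113.4 - - [25/Sep/2014:10:00:09 +0000] "GET /cgi-bin/test HTTP/1.1" 404 0 "() { :; }; echo CONSTRUCTED" "curl/7.30"',
    # Benign near miss: "() {" appears mid-value, which Bash did not parse as a function.
    '192.0.2.10 - - [25/Sep/2014:10:00:12 +0000] "GET /app.js HTTP/1.1" 200 900 "-" "Mozilla/5.0 (compatible) fn() { }"',
]


def find_shellshock_probes(lines):
    """Return (line_number, client_ip, field) for each logged header value
    that starts with the Bash function-definition prefix."""
    hits = []
    for number, line in enumerate(lines, 1):
        m = LOG_LINE.match(line.strip())
        if m is None:
            continue  # not combined format; skip rather than guess
        ip, _request, referer, agent = m.groups()
        for field, value in (("referer", referer), ("agent", agent)):
            if FUNC_PREFIX.match(value):  # anchored at the start of the value
                hits.append((number, ip, field))
    return hits


if __name__ == "__main__":
    for number, ip, field in find_shellshock_probes(SAMPLE_LOG):
        print(f"line {number}: {ip} sent a function-definition prefix in {field}")
```

The combined format records only the Referer and User-Agent headers, so probes carried in other headers, such as Cookie, would not appear in these logs.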
References
Casula, R., 2014. “Shellshock” Security Vulnerability.
Delamore, B. and Ko, R.K., 2015, August. A global, empirical analysis of the shellshock
vulnerability in web applications. In Trustcom/BigDataSE/ISPA, 2015 IEEE (Vol. 1, pp. 1129-
1135). IEEE.
Huang, C., Liu, J., Fang, Y. and Zuo, Z., 2016. A study on Web security incidents in China by
analyzing vulnerability disclosure platforms. Computers & Security, 58, pp.47-62.
Mary, A., 2015. Shellshock Attack on Linux Systems-Bash. International Research Journal of
Engineering and Technology, 2(8), pp.1322-1325.