Shellshock, also known as Bashdoor, is a family of security bugs in the Unix Bash shell, the first of which was disclosed on 24 September 2014. Shellshock could enable an attacker to cause Bash to execute arbitrary commands and gain unauthorized access to many Internet-facing services, such as web servers, that use Bash to process requests.
This paper covers the basics of the Shellshock bash vulnerability, a discussion on ways to detect or prevent future Shellshock-like vulnerabilities, a timeline of what happened when, and some information about the specific CVEs (vulnerability identifiers). It ends with a few conclusions. This paper is part of the essay suite Learning from Disaster.