Shellshock
Notes
Shellshock, also known as Bashdoor,[1] is a family of security bugs[2] in the Unix Bash shell, the first of which was disclosed on 24 September 2014. Shellshock could enable an attacker to cause Bash to execute arbitrary commands and gain unauthorized access[3] to many Internet-facing services, such as web servers, that use Bash to process requests.
Source: Wikipedia
Resources
- Shellshock
This paper covers the basics of the Shellshock bash vulnerability, a discussion on ways to detect or prevent future Shellshock-like vulnerabilities, a timeline of what happened when, and some information about the specific CVEs (vulnerability identifiers). It ends with a few conclusions. This paper is part of the essay suite Learning from Disaster.