Understanding the Bash vulnerability – Shellshock
Shellshock or Bashdoor is a vulnerability that occurs in most versions of Linux and Unix operating systems. It was discovered on September 12, 2014, and affects all distributions of Linux using Bash shell. Shellshock vulnerability makes it possible to execute commands remotely using environment variables.
Getting ready
To understand Shellshock, we will need a Linux system using a version of Bash prior to 4.3, which is vulnerable to this bug.
How to do it...
In this section, we will see how to set up our system to understand the internal details of Shellshock vulnerability:
The first step to perform will be to check the version of Bash on the Linux system so that we can find out if our system is vulnerable to Shellshock. To check our version of Bash, run the following command:
Bash versions through 4.3 have been reported to be vulnerable to Shellshock. For our example, we are using Ubuntu 12.04 LTS, desktop version. From the output in the preceding...