Understanding the bash vulnerability through Shellshock
Shellshock, or Bashdoor, is a vulnerability that's used in most versions of the Linux and Unix operating systems. It was discovered on September 12, 2014, and it affects all the distributions of Linux using a bash shell. The Shellshock vulnerability makes it possible to execute commands remotely using environment variables.
Getting Ready
To understand Shellshock, we need a Linux system that uses a version of bash prior to 4.3, which is vulnerable to this bug.
How to do it…
In this section, we will take a look at how to set up our system to understand the internal details of the Shellshock vulnerability:
The first step is to check the version of bash on the Linux system so that we can figure out whether our system is vulnerable to Shellshock. To check the version of bash, we run this command:
Bash versions from 4.3 and onwards have been reported to be vulnerable to Shellshock. For our example, we are using the Ubuntu 12.04 LTS desktop version...
