Stéphane Chazelas contacted Bash’s maintainer, Chet Ramey, on 12 September 2014 telling Ramey about his discovery of the original bug, which he called “Bashdoor”. Working together with security experts, he soon had a patch as well. The first bug causes Bash to unintentionally execute commands when the commands are concatenated to the end of function definitions stored in the values of environment variables. Attackers exploited Shellshock within hours of the initial disclosure by creating botnets of compromised computers to perform distributed denial-of-service attacks and vulnerability scanning.
Accordingly, it has been compared to the Heartbleed bug in its severity. The Shellshock bug affects Bash, a program that various Unix-based systems use to execute command lines and command scripts. It is often installed as the system’s default command-line interface. Shellshock is a privilege escalation vulnerability which offers a way for users of a system to execute commands that should be unavailable to them. This happens through Bash’s “function export” feature, whereby command scripts created in one running instance of Bash can be shared with subordinate instances.
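The condition described above, text concatenated after a function definition held in an environment variable's value, can be checked for directly. The following is an added example, not code from the article or from Bash: it relies on the fact that vulnerable Bash recognised an exported function by a value beginning with `() {`, uses a simplified brace and quote matcher rather than Bash's real parser, and runs on a constructed sample environment with hypothetical variable names.

```python
# Added example: flags environment values where text follows a function body.
FUNC_PREFIX = "() {"  # marker vulnerable Bash used to recognise an exported function


def split_function_value(value):
    """Return (definition, trailing) for a function-style value, else None."""
    if not value.startswith(FUNC_PREFIX):
        return None
    depth, quote = 0, None
    i = len(FUNC_PREFIX) - 1          # index of the opening brace
    while i < len(value):
        ch = value[i]
        if quote:                      # inside '...' or "..."
            if ch == "\\" and quote == '"':
                i += 1                 # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch == "\\":
            i += 1                     # skip the escaped character
        elif ch in "'\"":
            quote = ch
        elif ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:             # end of the function body
                return value[: i + 1], value[i + 1:]
        i += 1
    return value, ""                   # unterminated body: nothing after it


def audit_environment(env):
    """Map variable name -> trailing text for every suspicious value."""
    findings = {}
    for name, value in env.items():
        parts = split_function_value(value)
        if parts is None:
            continue                   # ordinary variable, not a function
        trailing = parts[1].strip(" \t\r\n;")
        if trailing:                   # something follows the definition
            findings[name] = trailing
    return findings


# Constructed sample environment (not taken from any real system).
SAMPLE_ENV = {
    "PATH": "/usr/bin:/bin",
    "greet": "() { echo hello; }",
    "nested": '() { if true; then { echo "}"; }; fi; }',
    "X_SAMPLE": "() { :; }; echo constructed-marker",
}

if __name__ == "__main__":
    print(audit_environment(SAMPLE_ENV))
```

Passing `dict(os.environ)` instead of the sample audits the environment of the current process; only values with text after the closing brace are reported.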