Shellshock is a bug that uses a vulnerability in the common Unix command execution shellbash (Bourne-Again SHell) to potentially enable hackers to take control of the machine and remotely execute arbitrary code directly into the system.
Because it preys on the Unix bash shell, which is utilized by most other major desktop and mobile operating systems like Linux, Mac OS X, iOS, Google Android and even Microsoft Windows, Shellshock has the potential to attack many types of systems and devices. To date, though, reports of Shellshock in the wild have been fairly limited, with the most prominent attacks targeting Web-facing servers and Network-Attached Storage devices (NAS).
It's also believed that operating systems like OS X and Windows do not expose bash to attacker-supplied input, which Shellshock would need to be able to control the computer. There remains the possibility, though, that other vulnerabilities could be discovered that would provide a way into the system for Shellshock or variants of the Shellshock bug.
Shellshock Shares Similarities with Heartbleed
Shellshock shares similarities with the Heartbleed bug that gained widespread attention in early 2014. Both are examples of arbitrary code execution (ACE) vulnerabilities, and they both make it possible for a hacker to exploit a wide range of computers, servers and other devices.
Shellshock Bug a Perfect 10 in Severity
The National Institute of Standards and Technology has rated the Shellshock vulnerability as a 10 out of 10 in terms of severity, impact and exploitability. Compounding the problem, Shellshock is also ranked low on the complexity scale, which means it has the potential to easily be used by a large percentage of hackers.
IT Solutions Builder TOP IT RESOURCES TO MOVE YOUR BUSINESS FORWARD
Which topic are you interested in?
What is your company size?
What is your job title?
What is your job function?
Searching our resource database to find your matches...
Stay up to date on the latest developments in Internet terminology with a free weekly newsletter from Webopedia. Join to subscribe now.
The following facts and statistics capture the changing landscape of cloud computing and how service providers and customers are keeping up with... Read More »SEO Dictionary
From keyword analysis to backlinks and Google search engine algorithm updates, our search engine optimization glossary lists 85 SEO terms you need... Read More »Texting & Chat Abbreviations
From A3 to ZZZ this guide lists 1,500 text message and online chat abbreviations to help you translate and understand today's texting lingo. Read More »
Java is a high-level programming language. This guide describes the basics of Java, providing an overview of syntax, variables, data types and... Read More »Java Basics, Part 2
This second Study Guide describes the basics of Java, providing an overview of operators, modifiers and control Structures. Read More »Network Fundamentals Study Guide
Networking fundamentals teaches the building blocks of modern network design. Learn different types of networks, concepts, architecture and... Read More »