Understanding the Shellshock Vulnerability

cyber

Almost a week ago, a new (old) type of OS command Injection was reported. The Shellshock vulnerability, also known as CVE-2014-6271, allows attackers to inject their own code into Bash using specially crafted environment variables, and it was disclosed with the following description:

Bash supports exporting not just shell variables ...

more ...