NVD National Vulnerability Database)is the U.S. government based on vulnerability management data of the standard Knowledge Base, these data support the automation of vulnerability management and security testing, and follow Federal Information Security Management act FISMA is. Recently the U.S. national network-aware system release the one for“CVE-2 0 1 4-6 2 7 1 bash remote command execution vulnerability, ShellShock broken shell”summary,“break the shell”vulnerability is far better than“bleeding heart”, it seems deserved.
Freebuf here to share with you more shellshock information, hope everyone to ShellShock effects and principles of have more understanding. Gossip not say more, see below.
For CVE-2 0 1 4-6 2 7 1 bash remote command execution vulnerability, ShellShock broken shell）summary
GNU Bash 4.3 and previous versions by defining the environment variable value after appending a particular string may allow an attacker to remotely execute arbitrary commands using the form: