Shellshock Bash Security Bug Greater than Heartbleed

Shellshock: The Deadliest Security Crisis since Heartbleed

It seems 2014 is the year of security crises. First came Heartbleed, then the CCS bug, and now Shellshock, a name just as catchy as Heartbleed.

Before we tell you what Shellshock is, you need to know what Bash (Bourne Again Shell) is. Bash is a core part of Linux and Unix operating systems (such as Mac OS X), and has existed for decades. Such operating systems run on a majority of the servers powering the Internet, and then some more (Android is Linux, and people also use desktop Linux).

So a vulnerability in Bash means a widespread security crisis, one that will take a lot of time and effort to control and may be impossible to control fully.

This specific vulnerability allows someone with malicious intent to use Bash to access confidential data and also pass on commands, which is extremely dangerous.

As Wikipedia explains, for those who want the nitty-gritty:

“While Bash is not an Internet-facing service, many Internet-facing daemons call it internally, allowing an attacker to use an Internet-facing service that sets the contents of an environmental variable to have Bash execute the commands in the variable. DHCP clients are also potentially vulnerable, and more affected services are expected to be found.”

Patches for this bug have been released, but they have not yet fixed it fully, so the bug is still out in the wild. Many are working towards a complete patch. Within hours of the report on the bug being published, people had started exploiting it.

This is a widespread security crisis, and we still don’t know how many systems have been patched and how many remain vulnerable.

What do you think of Shellshock? How terrified are you?


