
The most brutal security bugs: Freak, ShellShock, Poodle, Heartbleed and BEAST



Over the last couple of years, several alarming vulnerabilities and exploitation methods have been published that allow hackers and security professionals to penetrate environments that are vulnerable to them.

ShellShock

ShellShock is also known in the security field as the Bashdoor bug. The ShellShock exploit uses various vulnerabilities found in outdated Unix Bash shell environments. Cybercriminals and security professionals could use the Bash vulnerability to have Bash process specially crafted requests, and those requests could give them unauthorized access to the targeted device(s).

The following CVEs provide more information about the ShellShock exploit and the Unix Bash shell environment vulnerabilities:

  • CVE-2014-6271
  • CVE-2014-6277
  • CVE-2014-6278
  • CVE-2014-7169
  • CVE-2014-7186
  • CVE-2014-7187

If you want to know whether your environment is vulnerable to the ShellShock exploit, the following resource will answer that question directly:

https://shellshocker.net/

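If you want to test it locally, you can run the following command in a Bash shell on your Linux environment. It checks for CVE-2014-7169: a vulnerable Bash creates a file named echo in the current directory containing the output of date, while a patched Bash just prints "date" and cat reports that the file does not exist. Run it from an empty scratch directory so the test file is easy to spot and remove:

env X='() { (a)=>\' bash -c "echo date"; cat echo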

HeartBleed

The Heartbleed security bug was published in April 2014. It was found in the OpenSSL cryptography library, which is used globally to implement the Transport Layer Security protocol.

In simple terms, the Heartbleed security bug allowed security professionals and cybercriminals to gain access to the memory of the service, which holds the secret key of the SSL/TLS communication.

This means that each device that used the vulnerable SSL/TLS communication would allow hackers and security professionals to perform man-in-the-middle attacks.
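The memory access described above came from a missing length check, shown here as an added example that is not from the original post and is not OpenSSL's code: a heartbeat message (RFC 6520) states its own payload length, and the vulnerable handler echoed that many bytes without comparing the claim to the size of the record it actually received. The function names, the single-buffer memory layout and the placeholder secret are constructed for illustration, and the example goes beyond the post's summary by showing the check itself.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_HEADER  3   /* type (1) + payload_length (2), RFC 6520 */
#define HB_PADDING 16  /* minimum padding after the payload, RFC 6520 */
typedef size_t (*hb_fn)(const uint8_t *, size_t, uint8_t *, size_t);

/* "Before" shape: echoes as many bytes as the message claims to carry. */
size_t hb_reply_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap)
{
    (void)rec_len;                                /* never consulted: the bug */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > cap) return 0;                  /* keeps this demo in bounds */
    memcpy(out, rec + HB_HEADER, claimed);
    return claimed;
}

/* Hardened shape: discard unless header + claim + padding fit the record. */
size_t hb_reply_checked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap)
{
    if (rec_len < HB_HEADER + HB_PADDING) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HEADER + claimed + HB_PADDING > rec_len || claimed > cap) return 0;
    memcpy(out, rec + HB_HEADER, claimed);
    return claimed;
}

static const char SECRET[] = "PRIVATE-KEY-PLACEHOLDER";  /* constructed value */
/* Feeds a constructed 21-byte record (payload "hi") that claims `claimed`
 * payload bytes; the secret sits right after it in the same buffer.
 * Returns 1 if the reply contains the secret, 0 if not, -1 if discarded. */
int demo(hb_fn handler, uint16_t claimed)
{
    uint8_t mem[128] = {0}, out[64];
    const size_t rec_len = HB_HEADER + 2 + HB_PADDING, off = 2 + HB_PADDING;
    mem[0] = 1;                                   /* heartbeat_request */
    mem[1] = (uint8_t)(claimed >> 8);
    mem[2] = (uint8_t)claimed;
    memcpy(mem + HB_HEADER, "hi", 2);
    memcpy(mem + rec_len, SECRET, sizeof SECRET);
    size_t n = handler(mem, rec_len, out, sizeof out);
    if (n == 0) return -1;
    return n >= off + sizeof SECRET - 1 && !memcmp(out + off, SECRET, sizeof SECRET - 1);
}

int main(void)
{
    printf("unchecked: %d, checked: %d\n", demo(hb_reply_unchecked, 48), demo(hb_reply_checked, 48));
    return 0;
}
```

An honest request that claims its real 2-byte payload passes the hardened check and gets only "hi" back; the oversized claim is dropped without a reply.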


