Apparently, the shellshock Bash exploit [CVE-2014-6271](http://www.csoonline.com/article/2687265/application-security/remote-exploit-in-bash-cve-2014-6271.html) can be exploited over the network via SSH. I can imagine how the exploit would work via Apache/CGI, but I cannot imagine how that would work over SSH?
Can somebody please provide an example how SSH would be exploited, and what harm could be done to the system?
### CLARIFICATION
AFAIU, only an authenticated user can exploit this vulnerability via SSH. What use is this exploit for somebody, who has legitimate access to the system anyway? I mean, this exploit does not have privilege escalation (he cannot become root), so he can do no more than he could have done after simply logging in legitimately via SSH.
Asked by Martin Vegter
(598 rep)
Sep 25, 2014, 01:44 PM
Last activity: May 10, 2018, 10:53 AM
Last activity: May 10, 2018, 10:53 AM