What vulnerability does the Shellshock exploit attempt to achieve on a Linux host?

• A. Display passwd content to prompt.
• B. Modify the system clock.
• C. Create a new user account.
• D. Disable the firewall.

Answer: (A)

Shellshock centers on Bash executing arbitrary commands when it processes environment variables that define functions. An attacker can craft an environment payload so that, when Bash runs (for example, as part of a CGI script or a remote service), the attacker’s commands are executed on the host. A concrete demonstration of this capability is to run a command that displays the contents of sensitive files, such as the password file. Reading /etc/passwd can reveal user accounts and help an attacker understand the system layout, which is why this option best reflects the impact of the exploit. While other outcomes (like creating a new user or disabling a firewall) are possible after arbitrary command execution, the key idea Shellshock showcases is the ability to run commands on the target, including reading sensitive data.