Aweome post by Michael Anicas over at Digital Ocean that gives a nice summary of the 'Bash Bug' recently discovered. Basically this bug allows an attacker to encapsulate arbitrary executable Bash code when declaring a shell variable.
Due to the nature of the bug the injected code will be executed leaving any Unix or Linux system running affected Bash Shells open to all manners of exploits and misdeads. If you execute the below on your terminal and you see the output Bash is vulnerable! action needs to be taken immediately!
env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"
Use your package manager to upgrade to the latest version of Bash now. For more information check out the Digital Ocean piece. It also has links to the original CVEs and various tools to test your website for exposure.
Written by
Nneko Branche.