Shellshock

How to solve Shellshock on Debian and Ubuntu

Debian and Ubuntu are also affected by the Shellshock vulnerability in Bash. That's why it is important to run apt update and upgrade Bash.

Summary

Protect against Shellshock

Shellshock is a serious software weakness, or vulnerability, in Bash. This shell is used on almost all Unix-based systems, including Debian and Ubuntu. Because it can be exploited remotely and without much effort, it has the maximum vulnerability score according to CVSS.

Upgrade Bash

First update the software repository with apt-get, using the update parameter.

How to protect yourself against Shellshock Bash vulnerability

Bash is one of the most used shells on Unix-based systems. The discovered Shellshock vulnerability affects millions of systems. Learn how to protect yourself.

Summary

Bash is one of the most used shells on Unix-based systems. The newly discovered “Shellshock” vulnerability affects millions of systems.

The weakness abuses an internal check that Bash performs when it receives a variable declaration. When such a variable is defined with more “stuff” (commands) in it, Bash will actually execute those commands as well. Unfortunately, this gives attackers several possible ways to exploit it.

Websites

One way this vulnerability can be exploited is by embedding the payload in HTTP requests. The extra payload might be the value of a cookie. Some CGI scripts, which use Bash as their shell, will then be tricked into executing commands when parsing the value of the cookie. Needless to say, from there anything is possible, from revealing the contents of files to implementing a backdoor.
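
A defensive check for the HTTP vector described above, as an added example that is not part of the original article: it scans web server access-log lines for the `() {` function-definition prefix in the request line, Referer, User-Agent and Cookie fields. The log layout (Apache combined format with the Cookie header appended as an extra quoted field), the `/cgi-bin/` path convention and the sample lines are assumptions constructed for illustration.

```python
import re

# Bash function-definition prefix that Shellshock payloads start with.
FUNC_DEF = re.compile(r"\(\)\s*\{")
# Assumed layout: Apache combined format plus the Cookie header as a last quoted field.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)" "(?P<cookie>[^"]*)"$'
)
CHECKED = ("request", "referer", "agent", "cookie")

# Constructed sample lines (documentation IP ranges, a harmless echo as the command).
SAMPLE_LOG = """\
192.0.2.10 - - [25/Sep/2014:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0" "session=abc123"
198.51.100.7 - - [25/Sep/2014:10:01:09 +0000] "GET /cgi-bin/status HTTP/1.1" 200 90 "-" "Mozilla/5.0" "() { :; }; echo constructed-sample"
203.0.113.5 - - [25/Sep/2014:10:02:30 +0000] "GET /cgi-bin/status HTTP/1.1" 200 90 "-" "() { :;}; echo constructed-sample" "-"
192.0.2.10 - - [25/Sep/2014:10:03:00 +0000] "GET /app.js?cb=fn() HTTP/1.1" 200 77 "-" "Mozilla/5.0" "-"
"""

def find_shellshock_attempts(log_text):
    """Return one finding per log line whose request or headers contain '() {'."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        match = LINE.match(line)
        if match is None:
            # Unparseable lines are scanned as a whole so odd quoting cannot hide a payload.
            if FUNC_DEF.search(line):
                findings.append({"line": lineno, "ip": None, "fields": ["raw"], "cgi": False})
            continue
        hits = [name for name in CHECKED if FUNC_DEF.search(match.group(name))]
        if hits:
            parts = match.group("request").split(" ")
            path = parts[1] if len(parts) > 1 else ""
            # Requests aimed at CGI scripts matter most: those may hand headers to Bash.
            findings.append({"line": lineno, "ip": match.group("ip"),
                             "fields": hits, "cgi": path.startswith("/cgi-bin/")})
    return findings

if __name__ == "__main__":
    for finding in find_shellshock_attempts(SAMPLE_LOG):
        print(finding)
```

A hit shows that a request carried the pattern, not that the server was compromised; whether the command ran depends on the Bash version that handled the request.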