How to Protect Linux Against the Shellshock Bash Vulnerability

The Shellshock vulnerability can be exploited on systems that are running services or applications that allow unauthorized remote users to assign Bash environment variables.

Examples of exploitable systems include the following:

Apache HTTP Servers that use CGI scripts (via mod_cgi and mod_cgid) that are written in Bash or launch Bash subshells
Certain DHCP clients
OpenSSH servers that use the ForceCommand capability
Various network-exposed services that use Bash

On each of your systems that run Bash, you can check for the Shellshock vulnerability by running the following command at the Bash prompt:

env VAR='() { :;}; echo Bash Linux has Bugs ' bash -c "echo Bash Linux is save"

The echo Bash Linux has Bugs portion of the command represents where a remote attacker could inject malicious code: arbitrary code following a function definition within an environment variable assignment. Therefore, if you see the following output, your version of Bash is vulnerable and should be updated:

Bash Linux has Bugs
Bash Linux is save

Otherwise, if your output does not include the simulated attacker’s payload, i.e. “Bash Linux has Bugs” is not printed as output, your version of Bash is not vulnerable. It may look something like this:

bash: warning: VAR: ignoring function definition attempt
bash: error importing function definition for `VAR'
Bash Linux is save

If your version of Bash is vulnerable, read on to learn how to update Bash and fix the vulnerability.

Debian / Ubuntu – Open a terminal and type in:

sudo apt-get update && sudo apt-get install --only-upgrade bash

CentOS / Red Hat / Fedora – Open a terminal and type in:

su
yum update bash

Now check your system for the vulnerability again by running this command:

env VAR='() { :;}; echo Bash Linux has Bugs ' bash -c "echo Bash Linux is save"

Be sure to update all of your affected servers to the latest version of Bash!
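A scripted form of the manual check above, useful when several Bash binaries or several servers have to be verified. This is an added example, not part of the original article; the function names shellshock_status and check_all and the marker string are assumptions of the example, while the probe is the same env / bash -c test shown earlier.

```shell
#!/bin/sh
# Added example, not from the original article. Names and marker are assumptions.
MARKER="SHELLSHOCK_CHECK_MARKER"   # constructed, harmless string

# shellshock_status BASH_PATH
# Prints vulnerable | patched | unknown.
# Returns 1 if vulnerable, 0 if patched, 2 if the binary cannot be judged.
shellshock_status() {
    bin=$1
    if [ ! -x "$bin" ]; then
        echo unknown
        return 2
    fi
    # Same probe as the manual test: a function definition followed by a
    # trailing command, placed in an environment variable. A patched Bash
    # never runs the trailing echo; its stderr warnings are discarded.
    out=$(env VAR="() { :;}; echo $MARKER" "$bin" -c "echo probe_ok" 2>/dev/null) || true
    case $out in
        *"$MARKER"*) echo vulnerable; return 1 ;;
        *probe_ok*)  echo patched;    return 0 ;;
        *)           echo unknown;    return 2 ;;
    esac
}

# check_all PATH...
# Reports every path given; returns 1 if any of them is vulnerable.
check_all() {
    rc=0
    for b in "$@"; do
        st=$(shellshock_status "$b") || true
        printf '%s: %s\n' "$b" "$st"
        if [ "$st" = vulnerable ]; then rc=1; fi
    done
    return $rc
}

# Stand-alone use: sh check.sh /bin/bash /usr/local/bin/bash
if [ "$#" -gt 0 ]; then
    check_all "$@"
    exit $?
fi
```

Because check_all returns a non-zero status when any binary is vulnerable, the script can be run from configuration management or a loop over servers and the result acted on automatically.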