The problem
A bug within the widely used shell program Bourne Again Shell (BASH) commonly installed as a part of the Linux OS and variants thereof, can allow a malicious user to remotely execute commands and ultimately obtain control of a machine.
Testing
Running the shell command: env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
will output:
vulnerable
this is a test
If the machine or server is vulnerable to ShellShock.
Or otherwise:
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x’
this is a test
If the vulnerability is not present.
The solution
Run the command: lsb_release -a
to retrieve the Codename for your operating system. Followed by: sudo sed -i 's/CODENAME_RESULT/trusty/g' /etc/apt/sources.list
then: sudo apt-get update
and: sudo apt-get install --only-upgrade bash
to apply the patch.
As of October 3rd 2014; You can now simply patch this bug by issuing the command: sudo apt-get update && sudo apt-get install --only-upgrade bash
Re-run the test command as described above and if the patch has been applied successfully, your result should show that the vulnerability is no longer present.