Test script for Shellshock and related vulnerabilities
The Bash vulnerability that is now known as Shellshock had an incomplete fix at first. There are currently 6 public vulnerabilities.
shellshock and heartbleed
I wrote down some general thoughts about recent events and security in free software:
There's been some confusion how to interpret the results of this script and some people got scared by warnings on systems that didn't have any exploitable bugs.
The most important fix you need is one of the prefix/suffix-patches. Upstream patch number for this is bash042-050 and bash043-027 (patches for older versions also available). This patch was originally created by RedHat developer Florian Weimer and a modified version was applied by Bash developer Chet Ramey.
Once you have this prefix patch all other vulnerabilities are not exploitable. They are still bugs that should be fixed, but there is nothing to worry about.
Just run script:
The original vulnerability.
Further parser error, found by Tavis Ormandy (taviso).
Out of bound memory read error in redir_stack.
Off-by-one error in nested loops. (check only works when Bash is built with -fsanitize=address)
Uninitialized Memory use in make_redirect(), found by Michal Zalewski (lcamtuf).
Another parser bug, analysis still incomplete, also found by Michal Zalewski (lcamtuf).
Latest upstream patches (4.3 since patchlevel 030, 4.2 since patchlevel 051) include all fixes.
They also add prefixing to variable functions (a variant of Florian Weimer's patch). This protects from further function parser bugs and makes them likely not exploitable.
My current recommendation: Use latest upstream patches.