Also awful is "and confirmed its presence in bash for an extended period of time".
So this is roughly a second time that I have heard of, (I'm sure there are more) where flaws in otherwise trusted non-Windows Non-Adobe/Java stuff has been sitting on a vulnerability for who knows how long, and the "good guys" only found it in 2014. I mean, I know zero about Linux, but isn't bash one of those "deep core" little items that's been around forever?
(Glancing at the article for snips)
"...has been given the name Shellshock by some"
"this is the sort of exploit that will be lurking around in all various and sundry sorts of software, both local and remote. It's quite common for embedded devices with web-enabled front-ends to shuttle user input back and forth via bash shells, for example -- routers, SCADA/ICS devices, medical equipment, and all sorts of webified gadgets are likely to be exposed."
It's like a war now. "My heart is bleeding, and now I have shellshock."
Meanwhile in a tangentially related article I don't have the link to this minute, someone reported that hackers want medical data even more than credit cards now, and it remarked that hospitals don't always have top-notch IT departments. So if someone gets into some medical equipment, that could cause a mess!!
Robin Cook, where are you?