The vulnerability arises from the ability to operate/create a environment variables with specially-crafted values before calling the bash shell.
leaving behind a backdoor for future attacks in the worst cases.
What Bash bug Could do ?
A crafted web request targeting a vulnerable CGI software could launch code/command on the server.
DHCP clients invoke shell scripts to configure the system, with values taken from a potentially malicious server.
This would allow arbitrary commands to be run, typically as root, on the DHCP client machine.
while these are only few of the examples this bug is capable of doing much more.
Why could be Bash Bug a Bigger Threat then Heartbleed ?
while the bash bug could lead an attacker to have full control over the system.
Red Hat and Fedora have already issued a patch for the bug.
source: www.techworm.net
