Re: [LINK] Bash exploit, easy & severe

2014-09-25 Thread Glen Turner
This is well worth fixing. A lot of software calls system() or doesn't vet the environment variables passed to execve(). Some of those programs will be network-connected (perhaps CGI programs). As a result this bug is remotely exploitable via particular network-facing applications.

-glen
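Added example, not part of the original thread: one way a parent program can vet the environment it hands to execve(), as the message above describes, by passing only allowlisted names and dropping values shaped like a bash function definition. The allowlist contents, the function name vet_environment and the sample request environment are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical allowlist: the only variable names the child is given. */
static const char *const ALLOWED[] = { "PATH", "LANG", "TZ", "REQUEST_METHOD", "QUERY_STRING" };

static int name_is_allowed(const char *entry, size_t name_len) {
    for (size_t i = 0; i < sizeof ALLOWED / sizeof ALLOWED[0]; i++)
        if (strlen(ALLOWED[i]) == name_len && memcmp(entry, ALLOWED[i], name_len) == 0)
            return 1;
    return 0;
}

/* Copy vetted "NAME=value" entries from in[] to out[] (NULL-terminated).
 * Returns the number kept, or -1 if out[] is too small. */
int vet_environment(char *const in[], char *out[], size_t out_cap) {
    size_t kept = 0;
    if (out_cap == 0)
        return -1;
    for (size_t i = 0; in[i] != NULL; i++) {
        const char *eq = strchr(in[i], '=');
        if (eq == NULL || !name_is_allowed(in[i], (size_t)(eq - in[i])))
            continue;                   /* malformed, or name not on the allowlist */
        /* Affected bash versions imported values starting with "() {" as
         * function definitions, so such a value is never passed on. */
        if (strncmp(eq + 1, "() {", 4) == 0)
            continue;
        if (kept + 1 >= out_cap)
            return -1;                  /* no room for entry plus terminator */
        out[kept++] = in[i];
    }
    out[kept] = NULL;
    return (int)kept;
}

int main(void) {
    /* Constructed sample: what a CGI-style parent might hold for one request. */
    char *const request_env[] = { "PATH=/usr/bin:/bin", "HTTP_USER_AGENT=() { constructed",
                                  "QUERY_STRING=id=7", "LANG=() { constructed", NULL };
    char *child_env[8];
    char *const argv[] = { "/usr/bin/env", NULL };
    if (vet_environment(request_env, child_env, 8) < 0)
        return 1;
    execve(argv[0], argv, child_env);   /* child sees only PATH and QUERY_STRING */
    perror("execve");
    return 1;
}
```

Filtering the environment limits what reaches a child shell; it does not replace installing the patched bash.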

[LINK] Bash exploit, easy & severe

2014-09-25 Thread Stephen Loosley
https://www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-Vulnerability

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack

http://www.abc.net.au/news/2014-09-25/new-software-bug-may-pose-bigger-