The flaw involves how Bash evaluates environment variables. With specifically crafted variables, a hacker could use this hole to execute shell commands. This, in turn, could render a server vulnerable to ever greater assaults.
By itself, this is one of those security holes where an attacker would already need to have a high level of system access to cause damage. Unfortunately, as Red Hat's security team put it, "Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue."

The link for this article located at ZDNet Blogs is no longer available.