Reports of the first in-the-wild exploits targeting the Bash vulnerability have surfaced, as have complaints the first patches for the bug are incomplete. The urgency to patch systems against the Bash zero-day vulnerability has been cranked to 10 after reports of an exploit in the wild have been made public by AusCERT, the Computer Emergency Response Team of Australia. The vulnerability allows an attacker to remotely attach a malicious executable to a variable that is executed when Bash is invoked. Red Hat has updated advisory warning that the patch is incomplete and that specially crafted environment variables will execute arbitrary code.
Source: https://threatpost.com/bash-exploit-reported-first-round-of-patches-incomplete/108550/