CVE-2014-6271, CVE-2014-7169: remote code execution in Bash

    Details about the vulnerability in Bash were posted today.
    In short, Bash allows you to export functions as environment variables:

    $ myfunc() { echo "Hello"; }
    $ export -f myfunc
    $ env | grep -A1 ^myfunc
    myfunc=() {  echo "Hello"
    }


    The vulnerability is that if you append another command after the function body (after the closing "}") and export the variable, that command is executed as soon as a child Bash starts and imports the variable from its environment:

    $ env x='() { :; }; echo "Oh..."' /bin/bash -c /sbin/nologin
    Oh...
    This account is currently not available.

    This, in turn, enables interesting attacks. For example, if a CGI script written in Perl calls Bash, an attacker can craft an HTTP request whose headers contain malicious code; the web server hands the headers to the CGI script as environment variables, they reach Bash, and the code is executed.
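    The CGI path described above leaves a trace in the web server's logs: the attacker's header value has to begin with the function-definition marker "() {" for Bash to import it at all, so it appears in the Referer or User-Agent fields of a combined-format access log. The following script is an added example, not code from the original post; the log lines are constructed, with placeholder client addresses and paths, and the function names are my own.

```shell
#!/bin/sh
# Added example, not code from the original post: find HTTP requests that
# carry the marker Bash looks for when importing a function from the
# environment. The log lines are constructed for this example, in Apache
# "combined" format, with placeholder client addresses and paths.

SAMPLE_LOG=$(cat <<'EOF'
203.0.113.5 - - [25/Sep/2014:10:12:01 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [25/Sep/2014:10:12:03 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :; }; echo probe"
198.51.100.8 - - [25/Sep/2014:10:12:05 +0000] "GET /cgi-bin/status HTTP/1.1" 500 0 "() { :;}; echo probe" "curl/7.37.0"
198.51.100.7 - - [25/Sep/2014:10:12:06 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :; }; echo probe"
192.0.2.10 - - [25/Sep/2014:10:12:09 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Wget/1.15 (linux-gnu)"
EOF
)

# Print every log line whose Referer or User-Agent field starts a Bash
# function definition. The original Bash import code accepted a variable
# only if its value began with exactly "() {", so a fixed-string match on
# that prefix is enough. Reads the files given as arguments, or stdin.
shellshock_probe_lines() {
    grep -F '() {' "$@"
}

# Number of probe lines in the constructed sample.
count_shellshock_probes() {
    printf '%s\n' "$SAMPLE_LOG" | shellshock_probe_lines | wc -l | tr -d ' '
}

# Distinct client addresses that sent a probe, one per line, sorted.
shellshock_probe_sources() {
    printf '%s\n' "$SAMPLE_LOG" | shellshock_probe_lines | awk '{ print $1 }' | sort -u
}

echo "probe lines: $(count_shellshock_probes)"
shellshock_probe_sources
```

    On a real server you would point shellshock_probe_lines at the access log files instead of the embedded sample (note that the default "common" log format does not record User-Agent or Referer, so only the "combined" format, or header logging at a proxy, catches these probes). A match only shows that someone tried; whether the request reached a Bash-backed CGI script on a vulnerable host decides whether it succeeded.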

    All versions of Bash are vulnerable, starting with bash-1.14 (information from shellshocker.net).
    In certain circles, the vulnerability was nicknamed “Bashdoor,” which is not surprising.

    More details are easy to find by searching for the CVE IDs.

    UPD 2014-09-24: Some “Hindu” security blogs label the vulnerability a “privilege escalation”. This is not true: there is no privilege escalation; the injected code runs with the rights of the same user that the "parent" shell runs as.
    On Twitter, the vulnerability has been dubbed shellshock.

    UPD 2014-09-25: the fix for CVE-2014-6271 turned out to be incomplete; the remaining issue was assigned the identifier CVE-2014-7169. Details are in the comments to the post.

    UPD 2014-09-26: a fix for CVE-2014-7169 is available in the repositories of the major distributions. Red Hat Product Security has posted a short FAQ on its blog.
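    Since the first patch was incomplete, a host needs to be checked against both identifiers, not just the original one. The script below is an added example, not code from the original post or from any distribution's advisory; it wraps the page's own `env x='() { :; }; ...'` test for CVE-2014-6271 and the widely circulated `() { (a)=>\` parser test for CVE-2014-7169 into two functions that report "vulnerable", "patched" or "no-bash" for a given Bash binary. The function names and the scratch-directory handling are my own.

```shell
#!/bin/sh
# Added example, not code from the original post or from any distribution:
# report whether a Bash binary is still affected by CVE-2014-6271 (a command
# placed after an imported function body is executed) and by CVE-2014-7169
# (the incomplete first fix left a parser bug that turns the next command
# into a redirection). Each check prints one of "vulnerable", "patched",
# "no-bash" or "error" and returns 1, 0, 2 or 2 respectively.

check_cve_2014_6271() {
    bash_bin=${1:-bash}
    command -v "$bash_bin" >/dev/null 2>&1 || { echo no-bash; return 2; }
    # An affected Bash runs the command after the function body while it
    # imports x from the environment, before the -c command, so the marker
    # word shows up in the output. A patched Bash prints only "ok".
    out=$(env x='() { :; }; echo VULNERABLE' "$bash_bin" -c 'echo ok' 2>/dev/null)
    case $out in
        *VULNERABLE*) echo vulnerable; return 1 ;;
        *)            echo patched;    return 0 ;;
    esac
}

check_cve_2014_7169() {
    bash_bin=${1:-bash}
    command -v "$bash_bin" >/dev/null 2>&1 || { echo no-bash; return 2; }
    # Work in a scratch directory: on an affected Bash the truncated
    # definition "() { (a)=>\" leaves a dangling ">" in the parser, so the
    # -c command "echo date" is parsed as "> echo date", i.e. it runs date
    # with its output redirected into a file named "echo" in the current
    # directory. A patched Bash simply prints the word "date".
    scratch=$(mktemp -d) || { echo error; return 2; }
    ( cd "$scratch" && env x='() { (a)=>\' "$bash_bin" -c 'echo date' >/dev/null 2>&1 )
    if [ -e "$scratch/echo" ]; then
        rm -rf "$scratch"; echo vulnerable; return 1
    fi
    rm -rf "$scratch"; echo patched; return 0
}

# Usage: sh shellshock-check.sh [/path/to/bash]; defaults to bash from PATH.
bin=${1:-bash}
echo "$bin CVE-2014-6271: $(check_cve_2014_6271 "$bin" || true)"
echo "$bin CVE-2014-7169: $(check_cve_2014_7169 "$bin" || true)"
```

    Run it once per Bash binary on the host (for example /bin/bash and any statically built copies shipped with appliances), since a distribution update only replaces the packaged one. Both checks are local and read-only apart from the scratch directory, so they are safe to include in a configuration-audit job.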
