Within a day of the disclosure of the Bash bug dubbed "Shellshock", it appears that attackers are already looking for ways to use it to their advantage.
Security researchers have found proof-of-concept code that attempts to exploit the serious bug discovered this week in the Bourne-Again Shell, also known as Bash, which according to US CERT affects both Linux and Mac OS. No authentication is required when exploiting Bash via CGI scripts.
The National Institute of Standards and Technology (NIST) vulnerability database rates the flaw 10 out of 10 in terms of severity and describes it as follows:
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.
Who is vulnerable?
Nearly every server on the Internet is vulnerable to it (every server has Bash). But not all sites are actually exploitable.
I mean, who really still uses mod_cgi instead of mod_php/fast_cgi, which would be safe? Or who would write a CGI in shell scripting?
cPanel users at Risk
By default, cPanel has these 2 directories in every user's home directory:
/cgi-sys/
Check System Vulnerability
Identifying whether you're vulnerable is easier than with previous vulnerabilities. Log in to your server and run this command in a terminal:
If you are vulnerable, the output will be as below:
Hello
How to resolve it depends on your Linux distribution, but if you want to reinstall or update, do as below:
– or –
Once complete, rerun the test and the output should be as below:
bash: error importing function definition for `x'
hello
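A scripted form of the local check described above, for running before and after the update. This is an added example, not the command from the original post; the function name, marker string and status words are assumptions made for the example, and "not_vulnerable" only means this particular probe did not trigger.

```sh
#!/bin/sh
# Added example (not from the original post): local Shellshock self-test.
# shellshock_status PATH prints: vulnerable | not_vulnerable | missing | unknown

shellshock_status() {
    _ss_shell="$1"
    [ -x "$_ss_shell" ] || { echo "missing"; return 2; }

    # Unique marker, so unrelated shell output cannot cause a false positive.
    _ss_marker="selftest-marker-$$"

    # The variable value looks like an exported function definition followed
    # by a trailing, harmless echo. An affected Bash runs the trailing
    # command while importing the environment, before the -c string runs.
    # stderr is discarded because an updated Bash may print an
    # "error importing function definition" warning there.
    _ss_out="$(env x="() { :;}; echo ${_ss_marker}" \
        "$_ss_shell" -c 'echo probe-done' 2>/dev/null)"

    case "$_ss_out" in
        *"$_ss_marker"*) echo "vulnerable";     return 1 ;;
        *probe-done*)    echo "not_vulnerable"; return 0 ;;
        *)               echo "unknown";        return 3 ;;
    esac
}

# Run as a script: pass every shell binary to check as an argument,
# e.g. the system Bash plus any copies installed elsewhere.
if [ "$#" -gt 0 ]; then
    for _ss_p in "$@"; do
        printf '%s: %s\n' "$_ss_p" "$(shellshock_status "$_ss_p")"
    done
fi
```

The exit status (0 not vulnerable, 1 vulnerable) lets the check be used from configuration management or a monitoring job across many hosts.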
