Report
CVE-2014-6271 Shellshock: Bash command injection via function import from environment variables
3f44dba1-dab5-451b-8612-3bc9b7be49fe
CVE-2014-6271 ('Shellshock') is a critical command injection vulnerability in Bash ≤ 4.3. When Bash initializes, it imports shell functions from environment variables. If an environment variable's value starts with '() {', Bash treats it as a function definition and calls parse_and_execute() on the full constructed string 'NAME () { BODY }; TRAILING_COMMANDS'. The parser executes ALL commands in that string, including anything after the closing brace of the function body. This allows arbitrary command execution in any context where an attacker can set environment variables before Bash runs (CGI via HTTP headers, SSH ForceCommand, DHCP hooks, etc.).
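
A defensive check for the pattern described above, added here as an example (it is not part of the original report or of Bash): it flags environment values that begin with '() {' and separates a bare function definition from one carrying text after the closing brace. The function names, verdict labels and sample headers are assumptions constructed for illustration; the brace matching is a heuristic that ignores quoting.

```python
# Prefix that Bash's environment import treats as a function definition.
FUNC_PREFIX = "() {"


def classify_env_value(value: str) -> str:
    """Return 'plain', 'function', 'trailing' or 'malformed' for one value.

    'trailing' means text follows the closing brace of the function body,
    i.e. the TRAILING_COMMANDS part that unpatched Bash runs on import.
    Heuristic: braces are counted without interpreting quotes or escapes.
    """
    if not value.startswith(FUNC_PREFIX):
        return "plain"
    depth = 0
    for i, ch in enumerate(value):
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                # Ignore a lone terminating ';' and whitespace after the body.
                rest = value[i + 1:].strip().strip(";").strip()
                return "trailing" if rest else "function"
    return "malformed"  # body never closes: report it rather than pass it on


def cgi_env_from_headers(headers: dict) -> dict:
    """Name headers the way CGI exposes them (User-Agent -> HTTP_USER_AGENT)."""
    return {"HTTP_" + k.upper().replace("-", "_"): v for k, v in headers.items()}


def audit(env: dict) -> dict:
    """Return {variable name: verdict} for every value that is not 'plain'."""
    findings = {}
    for name, value in env.items():
        verdict = classify_env_value(value)
        if verdict != "plain":
            findings[name] = verdict
    return findings


# Constructed sample request headers (not taken from the report).
SAMPLE_HEADERS = {
    "User-Agent": "() { :; }; echo marker",
    "Accept": "text/html",
    "X-Legit-Func": "() { echo hi; }",
    "Cookie": "session={abc}",
}

if __name__ == "__main__":
    for name, verdict in audit(cgi_env_from_headers(SAMPLE_HEADERS)).items():
        print(name, verdict)
```

A gateway or log pipeline can drop or alert on any 'trailing' or 'malformed' verdict before the value reaches a process that starts Bash.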