Report
CVE-2014-6271 (Shellshock): Environment Variable Function Definition Injection in bash-4.3
d41b5081-1bcb-4dac-90bf-24aa4943ae97
Bash 4.3 processes function definitions from environment variables during initialization. When a variable contains text starting with '() {', the initialize_shell_variables function concatenates the variable name with the function definition and passes the entire string to parse_and_execute. However, the parser executes ALL commands in the string, including arbitrary code after the function definition's closing brace. This allows attackers to inject arbitrary shell commands via environment variables that will execute when bash starts, even before any user command is run. This is the Shellshock vulnerability.
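The following is an added audit example, not bash's own code and not part of the original report. It classifies an environment value by whether it carries the '() {' prefix and, if so, whether any text follows the function body's closing brace. The enum, the function name and the sample values are this example's own, and the brace scan is a simplification that handles quotes and backslash escapes but not the full shell grammar.

```c
#include <stdio.h>
#include <string.h>

/* Classes for one environment value (names are this example's own). */
enum fd_class { FD_NOT_FUNCDEF, FD_CLEAN, FD_TRAILING, FD_UNTERMINATED };

/* Simplified scan: tracks brace depth and skips quotes and backslash
 * escapes; it is not the full shell grammar. */
enum fd_class classify_env_value(const char *v)
{
    const char *p;
    int depth = 0;
    char quote = 0;                    /* active quote character, or 0 */

    if (strncmp(v, "() {", 4) != 0)
        return FD_NOT_FUNCDEF;         /* not the prefix the report describes */
    for (p = v + 3; *p; p++) {         /* v[3] is the opening brace */
        if (quote) {
            if (*p == '\\' && quote == '"' && p[1]) p++;
            else if (*p == quote) quote = 0;
        } else if (*p == '\\' && p[1]) p++;
        else if (*p == '\'' || *p == '"') quote = *p;
        else if (*p == '{') depth++;
        else if (*p == '}' && --depth == 0) break;   /* end of body */
    }
    if (*p != '}')
        return FD_UNTERMINATED;
    /* Text after the body is what the parser would run as commands. */
    for (p++; *p; p++)
        if (!strchr(" \t\n;", *p))
            return FD_TRAILING;
    return FD_CLEAN;
}

int main(void)
{
    /* Constructed sample values, not taken from any real system. */
    const char *samples[] = { "/usr/bin:/bin", "() { :; }",
                              "() { echo '}'; }", "() { :; }; echo marker" };
    static const char *names[] = { "not-funcdef", "clean", "TRAILING", "unterminated" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-12s %s\n", names[classify_env_value(samples[i])], samples[i]);
    return 0;
}
```

A value classified as TRAILING is the case the report describes: a function definition followed by further text in the same variable.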