This document summarizes the Shellshock bug in Bash software discovered in September 2014. It describes four vulnerabilities (CVE-2014-6271, CVE-2014-6277, CVE-2014-7169, and an unknown CVE) that could allow remote code execution by manipulating environment variables passed to Bash. The document also outlines potential attack scenarios like reverse shells, data theft, and click fraud that could exploit Shellshock. It concludes by mentioning Patch 27 and a script to fix the vulnerable Bash versions.