How vulnerable are bash users to shellshock bug?

Mon Sep 29 03:47:00 GMT 2014

According to,
shellshock is exploited when someone submits commands in place of parameter
data to a server, which then tries to shove the info into an environment
variable by a bash invocation.  

I (and I suspect many people) only use bash as a command line user
interface.  I don't run any services from the cygwin installation, and I
don't invoke any cygwin commands from Windows services (I know very little
about Windows services).  Would it be correct to say that the vulnerability
doesn't exist in such a scenario?  I can update some cygwin installations,
but some I cannot (and in those cases, cygwin is installed under
non-administrator accounts).

Problem reports:
Unsubscribe info:

More information about the Cygwin mailing list