>> [ from /. thread ]
>>
>> This is the test to see if you are vulnerable:
>>
>>�� �� ��env x='() {:;}; echo vulnerable' bash -c "echo this is a test"
>
> And what should we see if we are vulnerable?�� My running of that just
> prints out syntax errors and then runs the echo command.�� The printing
> out of syntax errors does seem strange, as I would have expected the
> guff in the single quotes to be verbatim assigned to x without any
> globbing or variable substitution.�� But I am no expert in bash having
> learnt most of my Unix foo on Solaris and Tru64 Unix running csh.

Bad:
vulnerable
this is a test

Good:
this is a test

Source:
http://linux.slashdot.org/comments.pl?sid=5750159&cid=47985837