Assuming it's a network full of machines who haven't bothered updating yet. EDIT: right?

Um, "haven't bothered"? Think about all the Linux/Unix-based devices that could be affected here, it's in the millions. Do you run a local server on your box? How about your Linux-based router? Has it been patched yet? Why not, it's been more than 24 hours now.

> How about your Linux-based router?

In the embedded world, people rarely run full GNU userland utils. They're extremely big and bloated, and embedded devicse needs maximum bang for buck. Therefore most of them comes with busybox, which besides being incredibly compact also is 100% unaffected.

Same goes for Android/Linux-based phones. Most don't come with a proper shell at all, and those who do, usually have busybox.

> Same goes for Android/Linux-based phones. Most don't come with a proper shell at all, and those who do, usually have busybox.

If this is true, there's been a fair amount of paranoia on HN that has gone sadly unanswered with corrections.

How many of them run bash? I'm about to check my router (I didn't think of it until today), but I read that Tomato runs busybox which I understand is not affected.

> Linux/Unix-based

Actually it's primarily Linux because /bin/sh is pointing to bash.