Wednesday, October 1, 2014

Patching Debian 5 for ShellShock

Debian 5 is, sadly, no longer supported by the friendly folks over at Debian. Like the rest of the internet, its default version of bash is quite vulnerable to the ShellShock vulnerability.

To clean up the mess we have going here, start off by ensuring that the system is up to date (Debian 5.0.10 is the latest in the repositories). If you haven't already switched over to the archive sites for the upstream repositories in order to get package updates, update your /etc/apt/sources.list to point at the Debian archives (see the FAQ section at https://wiki.debian.org/DebianLenny). Then run 'sudo apt-get update && sudo apt-get upgrade'.

Post-upgrade, /etc/debian_version should show the system at 5.0.10.  In order to update bash, grab the bash-3.2 sources here:  https://ftp.gnu.org/pub/gnu/bash/bash-3.2.tar.gz

Unpack them, and run a bit of bash to patch the sources up to 3.2.55:

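#!/bin/bash
# Stop on the first error, including a failed download feeding patch.
set -eo pipefail

wget https://ftp.gnu.org/pub/gnu/bash/bash-3.2.tar.gz
tar -zxvf bash-3.2.tar.gz
cd bash-3.2

# Apply the upstream patches bash32-001 through bash32-055 in order.
for x in $(seq 1 55)
do
    curl -fsS "https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-$(printf "%03d" "$x")" | patch -p0
done

./configure
make
make tests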

Then do the standard GNU install with "sudo make install".
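A plain ./configure installs under /usr/local by default, so the packaged /bin/bash can stay at its old patch level after "make install". The following check is an added example, not part of the original post: it parses the `bash --version` banner of each binary and flags any that is not at the 3.2.55 level built above. The function names and the list of paths to audit are assumptions.

```shell
#!/bin/sh
# Added example: report which bash binaries are at the 3.2.55 patch level.
TARGET_PATCH=55   # patch level the post builds (3.2.55)

# Print "series patch" (e.g. "3.2 55") parsed from a `bash --version` banner.
parse_bash_version() {
    printf '%s\n' "$1" |
        sed -n '1s/^GNU bash, version \([0-9][0-9]*\.[0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p'
}

# 0 = 3.2 series at TARGET_PATCH or later, 1 = older 3.2,
# 2 = banner unparseable or not the 3.2 series this check was written for.
banner_is_patched() {
    parsed=$(parse_bash_version "$1")
    [ -n "$parsed" ] || return 2
    series=${parsed% *}
    patch=${parsed#* }
    [ "$series" = "3.2" ] || return 2
    [ "$patch" -ge "$TARGET_PATCH" ]
}

# Check every path given; return non-zero if any binary is not at the target.
audit_bash() {
    status=0
    for bin in "$@"; do
        [ -x "$bin" ] || { echo "$bin: not present"; continue; }
        banner=$("$bin" --version 2>/dev/null | head -n 1)
        if banner_is_patched "$banner"; then
            echo "$bin: OK ($banner)"
        else
            echo "$bin: NOT at 3.2.$TARGET_PATCH ($banner)"
            status=1
        fi
    done
    return $status
}

# Run only when paths are passed, e.g.:
#   sh check-bash.sh /bin/bash /usr/local/bin/bash
if [ "$#" -gt 0 ]; then
    audit_bash "$@"
fi
```

Any path reported as not at 3.2.55 is still the old binary; scripts with a #!/bin/bash line and login shells set to /bin/bash keep using it until that file itself is replaced.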