Potential Bash Script Vulnerability
From: admin
Subject: Potential Bash Script Vulnerability
Date: Sun, 07 Apr 2024 07:17:33 +0300
User-agent: Roundcube Webmail/1.6.0
Hello everyone!
I've attached a minimal script which shows the issue, and my recommended
solution.
Affected for sure:
System1: 64 bit Ubuntu 22.04.4 LTS - Bash: 5.1.16(1)-release - Hardware:
HP Pavilion 14-ec0013nq (Ryzen 5 5500u, 32GB RAM, Radeon graphics, nvme
SSD.)
System2: 64 bit Ubuntu 20.10 (No longer supported.) - Bash:
5.0.17(1)-release - Hardware: DIY (AMD A10-5800k, 32GB RAM, Radeon
graphics, several SATA drives)
and probably a lot more...
Not sure whether or not this is a known issue, truth be told I discovered
it years ago (back around 2016) as I was learning bash scripting, and
accidentally appended a command to the running script, which got
executed immediately after the script but back then I didn't find it
important to report since I considered myself a noob. I figured someone
more experienced will probably find and fix it, or there must be a
reason for it. I forgot it. Now watching a video about clever use of
shell in XZ stuff I remembered, tested it again and found it still
unpatched. :S So now I'm reporting it and hope it helps!
Read the code, test it, fix it. More explanation in the comments.
Since it's very old I'd recommend a silent fix before announcement,
especially since I also found a potentially easy fix.
Kind regards
Tibor
BashVulnerabilityDemo.zip
Description: Zip archive
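
The behaviour described in the message above (a line appended to a script file while bash is still running it gets executed), shown as an added example; this is not the contents of the attached BashVulnerabilityDemo.zip and not the poster's recommended fix. The file names, the marker file and the `main` plus `exit` guard are assumptions chosen for this demo.

```shell
#!/bin/sh
# Added example. File names and the marker file are constructed for this demo.

# run_case MODE: start a throwaway script with bash, append a line to the
# file while it is still running, and report whether bash ran that line.
# MODE is "plain" (commands at top level) or "guarded" (main + exit).
run_case() (
    dir=$(mktemp -d) || exit 1
    script=$dir/job.sh
    marker=$dir/appended-line-ran

    if [ "$1" = plain ]; then
        # bash reads a script file one command at a time, so whatever is in
        # the file when `sleep` returns is what it executes next.
        printf '%s\n' '#!/bin/bash' 'sleep 2' > "$script"
    else
        # The function body and the `main "$@"; exit` line are parsed in
        # full before main runs; `exit` ends bash before it reads further.
        printf '%s\n' '#!/bin/bash' 'main() {' '    sleep 2' '}' \
            'main "$@"; exit' > "$script"
    fi

    bash "$script" &
    pid=$!
    sleep 1                                        # script is inside its sleep
    printf 'touch "%s"\n' "$marker" >> "$script"   # in-place append, same inode
    wait "$pid"

    if [ -e "$marker" ]; then echo appended-ran; else echo appended-ignored; fi
    rm -rf "$dir"
)

echo "plain:   $(run_case plain)"
echo "guarded: $(run_case guarded)"
```

The guard only covers text added after the `exit` line; it does not help if the file is writable by an untrusted user, who could replace it before the next run.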
- Potential Bash Script Vulnerability, admin <=
- Re: Potential Bash Script Vulnerability, Jon Seymour, 2024/04/07
- Re: Potential Bash Script Vulnerability, Kerin Millar, 2024/04/07
- Re: Potential Bash Script Vulnerability, admin, 2024/04/07
- Re: Potential Bash Script Vulnerability, Greg Wooledge, 2024/04/07
- Re: Potential Bash Script Vulnerability, Kerin Millar, 2024/04/07
- Re: Potential Bash Script Vulnerability, Robert Elz, 2024/04/07
- Re: Potential Bash Script Vulnerability, John Passaro, 2024/04/08
- Re: Potential Bash Script Vulnerability, Kerin Millar, 2024/04/08
- Re: Potential Bash Script Vulnerability, Robert Elz, 2024/04/08
- Re: Potential Bash Script Vulnerability, Greg Wooledge, 2024/04/08