Hello everyone!

I've attached a minimal script which shows the issue, and my recommended solution.

Affected for sure:
System1: 64 bit Ubuntu 22.04.4 LTS - Bash: 5.1.16(1)-release - Hardware: HP Pavilion 14-ec0013nq (Ryzen 5 5500u, 32GB RAM, Radeon graphics, nvme SSD.)
System2: 64 bit Ubuntu 20.10 (No longer supported.) - Bash: 5.0.17(1)-release - Hardware: DIY (AMD A10-5800k, 32GB RAM, Radeon graphics, several SATA drives)
and probably a lot more...

Not sure whether or not this is a known issue. Truth be told, I discovered it years ago (back around 2016) as I was learning bash scripting, and accidentally appended a command to the running script, which got executed immediately after the script, but back then I didn't find it important to report since I considered myself a noob. I figured someone more experienced would probably find and fix it, or there must be a reason for it. I forgot it. Now, watching a video about clever use of shell in XZ stuff, I remembered, tested it again and found it still unpatched. :S So now I'm reporting it and hope it helps!

Read the code, test it, fix it. More explanation in the comments.

Since it's very old I'd recommend a silent fix before announcement, especially since I also found a potentially easy fix.

Kind regards
Tibor

<<attachment: BashVulnerabilityDemo.zip>>
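
The behaviour the report describes (a line appended to a script file while bash is still running it gets executed), reproduced as an added example that is not the reporter's attached script or proposed fix. The file names, the marker string and the brace-group-plus-`exit` guard are assumptions of this example; the guard is a script-side mitigation, not a change to bash.

```shell
#!/usr/bin/env bash
# Constructed demo: bash reads a script file as it goes, so text appended
# while the script runs is picked up. File names and marker are hypothetical.

run_case() {  # $1 = "plain" or "guarded"; prints the output of the test script
    local dir script out pid
    dir=$(mktemp -d) || return 1
    script="$dir/job.sh"; out="$dir/out.log"
    if [ "$1" = "guarded" ]; then
        # The body sits in one brace group that ends in exit: bash parses the
        # whole group before running it, and exit stops any further reading.
        printf '%s\n' '{' 'echo start' 'sleep 2' 'echo end' 'exit 0' '}' > "$script"
    else
        printf '%s\n' 'echo start' 'sleep 2' 'echo end' > "$script"
    fi
    bash "$script" > "$out" 2>&1 &
    pid=$!
    sleep 1                                   # the script is now inside its sleep
    echo 'echo APPENDED-WHILE-RUNNING' >> "$script"   # the accidental append
    wait "$pid"
    cat "$out"
    rm -rf "$dir"
}

appended_ran() {  # exit status 0 if the appended line was executed
    run_case "$1" | grep -q 'APPENDED-WHILE-RUNNING'
}

for mode in plain guarded; do
    if appended_ran "$mode"; then
        echo "$mode: appended line WAS executed"
    else
        echo "$mode: appended line was not executed"
    fi
done
```

Scripts that can be written to by anyone other than the account running them remain exposed either way; the guard only covers appends made after the script has started.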
