CVE-1999-0491 - CVE Details

Description

The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute.

Severity

Overall Severity: N/A

CVSS Metrics

Type	Score	Severity	Vector

Affected Products

gnu - bash

Affected Versions:

gnu - bash

Affected Versions:

1.14.0

gnu - bash

Affected Versions:

1.14.1

gnu - bash

Affected Versions:

1.14.2

gnu - bash

Affected Versions:

1.14.3

gnu - bash

Affected Versions:

1.14.4

gnu - bash

Affected Versions:

1.14.5

gnu - bash

Affected Versions:

1.14.6

gnu - bash

Affected Versions:

1.14.7

gnu - bash

Affected Versions:

gnu - bash

Affected Versions:

2.01

gnu - bash

Affected Versions:

2.01.1

gnu - bash

Affected Versions:

2.02

gnu - bash

Affected Versions:

2.02.1

gnu - bash

Affected Versions:

2.03

gnu - bash

Affected Versions:

2.05

gnu - bash

Affected Versions:

2.05

References

ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-008.0.txt
PatchVendor Advisory
http://www.securityfocus.com/bid/119
http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9904202114070.6623-100000%40smooth.Operator.org
ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-008.0.txt
PatchVendor Advisory
http://www.securityfocus.com/bid/119
http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9904202114070.6623-100000%40smooth.Operator.org