CVE-1999-1383 - CVE Details

Description

(1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters (` back-tick), which can cause the commands enclosed in the directory name to be executed when the shell expands filenames using the \w option in the PS1 variable.

Severity

Overall Severity: N/A

CVSS Metrics

Type	Score	Severity	Vector

Affected Products

gnu - bash

Affected Versions:

gnu - bash

Affected Versions:

1.14.0

gnu - bash

Affected Versions:

1.14.1

gnu - bash

Affected Versions:

1.14.2

gnu - bash

Affected Versions:

1.14.3

gnu - bash

Affected Versions:

1.14.4

gnu - bash

Affected Versions:

1.14.5

tcsh - tcsh

Affected Versions:

6.05

References

http://marc.info/?l=bugtraq&m=87602167419868&w=2
http://www.dataguard.no/bugtraq/1996_3/0503.html
ExploitPatchVendor Advisory
http://marc.info/?l=bugtraq&m=87602167419868&w=2
http://www.dataguard.no/bugtraq/1996_3/0503.html
ExploitPatchVendor Advisory