Published: 20/04/1999 Updated: 07/11/2023

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

VMScore: 465

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu bash 1.14.3
gnu bash 2.05
gnu bash 1.14.1
gnu bash 2.01
gnu bash 2.0
gnu bash 2.01.1
gnu bash 1.14.7
gnu bash 1.14.6
gnu bash 1.14.2
gnu bash 1.14.4
gnu bash 2.02.1
gnu bash 1.14.5
gnu bash 1.14.0
gnu bash 2.02
gnu bash
gnu bash 2.03

source: wwwsecurityfocuscom/bid/119/info A vulnerability in bash may allow inadvertently running commands embedded in the path to the currently working directory If an unsuspecting user enters a directory created by some malicious user with embedded commands, and their prompt (PS1) contains '\w' or '\W', and the prompt is displayed the ...

CWE-94 ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-008.0.txt http://www.securityfocus.com/bid/119 http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9904202114070.6623-100000%40smooth.Operator.org https://nvd.nist.gov https://www.exploit-db.com/exploits/19095/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-1999-0491

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect