CVE-1999-1020

CVSS 2.0 Score 7.5 of 10 (high)

Details

Published Sep 18, 1998
Updated: Dec 19, 2017

Summary

CVE-1999-1048 is a buffer overflow vulnerability affecting older versions of the Bash shell, including 2.0.0 and 1.4.17. Attackers can exploit this flaw by creating a maliciously long directory name and entering it into a directory that another user is accessing. The extended directory name is then displayed in the password prompt via the PS1 environmental variable. By manipulating the prompt, an attacker can inject code into the shell's buffer, ultimately gaining elevated privileges. This vulnerability poses a serious risk to systems with vulnerable Bash installations.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Novell NetWare

Affected Vendors

  • Novell Inc