CVE-1999-1383
CVSS 2.0 Score 4.6 of 10 (medium)
Details
Published Sep 13, 1996
Updated: Oct 18, 2016
CWE ID 264
Summary
CVE-1999-1383 is a vulnerability affecting versions of bash before 1.14.7 and tcsh 6.05. The issue allows local users to execute arbitrary commands by exploiting shell metacharacters (` back-tick) present in directory names. When the shell expands filenames using the `\w` option in the PS1 variable, the enclosed commands are unintendedly executed, granting privileges to attackers.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Vendors
- Free Software Foundation, Inc.