CVE-1999-1383

CVSS 2.0 Score 4.6 of 10 (medium)

Details

Published Sep 13, 1996
Updated: Oct 18, 2016
CWE ID 264

Summary

CVE-1999-1383 is a vulnerability affecting versions of bash before 1.14.7 and tcsh 6.05. The issue allows local users to execute arbitrary commands by exploiting shell metacharacters (` back-tick) present in directory names. When the shell expands filenames using the `\w` option in the PS1 variable, the enclosed commands are unintendedly executed, granting privileges to attackers.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share