Description
The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute.
Exploits (1)
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9904202114070.6623-100000%40smooth.Operator.org
Patch, Vendor Advisory vendor-advisory
x_refsource_caldera
ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-008.0.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/119
Scores
EPSS
0.0030
EPSS Percentile
53.3%
Details
CWE
CWE-94
Status
published
Products (16)
gnu/bash
1.14.0
gnu/bash
1.14.1
gnu/bash
1.14.2
gnu/bash
1.14.3
gnu/bash
1.14.4
gnu/bash
1.14.5
gnu/bash
1.14.6
gnu/bash
1.14.7
gnu/bash
2.0
gnu/bash
2.01
... and 6 more
Published
Apr 20, 1999
Tracked Since
Feb 18, 2026