CVE-1999-0491

GNU Bash < 2.04 - Code Injection

Title source: rule

Description

The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Shadow · textlocallinux

https://www.exploit-db.com/exploits/19095

View Code ZIP pw:eip

References (3)

[Patch, Vendor Advisory] ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-008.0.txt

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/119

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9904202114070.6623-100000%40smooth.Operator.org

Scores

EPSS 0.0030

EPSS Percentile 53.0%

Classification

CWE

CWE-94

Status draft

Affected Products (17)

gnu/bash < 2.04

gnu/bash

gnu/bash

gnu/bash

gnu/bash

gnu/bash

gnu/bash

gnu/bash

gnu/bash

gnu/bash

gnu/bash

gnu/bash

gnu/bash

gnu/bash

gnu/bash

... and 2 more

Timeline

Published Apr 20, 1999

Tracked Since Feb 18, 2026