Description
(1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters (` back-tick), which can cause the commands enclosed in the directory name to be executed when the shell expands filenames using the \w option in the PS1 variable.
References (2)
Core 2
Core References
Exploit, Patch, Vendor Advisory mailing-list
x_refsource_bugtraq
http://www.dataguard.no/bugtraq/1996_3/0503.html
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=87602167419868&w=2
Scores
EPSS
0.0013
EPSS Percentile
32.2%
Details
CWE
CWE-264
Status
published
Products (8)
gnu/bash
1.14.0
gnu/bash
1.14.1
gnu/bash
1.14.2
gnu/bash
1.14.3
gnu/bash
1.14.4
gnu/bash
1.14.5
gnu/bash
< 1.14.6
tcsh/tcsh
6.05
Published
Sep 13, 1996
Tracked Since
Feb 18, 2026