(1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters (` back-tick), which can cause the commands enclosed in the directory name to be executed when the shell expands filenames using the \w option in the PS1 variable.
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=87602167419868&w=2 | |
http://www.dataguard.no/bugtraq/1996_3/0503.html | Exploit Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2001-09-12T04:00:00
Updated: 2016-10-17T13:57:01
Reserved: 2001-08-31T00:00:00
Link: CVE-1999-1383
JSON object: View
NVD Information
Status : Modified
Published: 1996-09-13T04:00:00.000
Modified: 2016-10-18T02:03:52.327
Link: CVE-1999-1383
JSON object: View
Redhat Information
No data.
CWE