Local Command Execution Vulnerability in Bash by Caldera Systems
CVE-1999-0491

Currently unrated

Key Information:

Vendor: Gnu
Status: Bash
Vendor: CVE Published:; 20 April 1999

What is CVE-1999-0491?

A local user can exploit a flaw in the prompt parsing of Bash to execute arbitrary commands as another user. This is achieved by creating a directory with the same name as the command intended for execution, potentially compromising system integrity. Users should ensure they are using secure configurations and consider updating to a patched version to mitigate the risks associated with this vulnerability.

References

http://www.securityfocus.com/templates/archive.pike?list=...

mailing-listx_refsource_BUGTRAQ

ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-...

vendor-advisoryx_refsource_CALDERA

http://www.securityfocus.com/bid/119

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Jun 7, 1999
Vulnerability published
Apr 20, 1999

Gnu

What is CVE-1999-0491?

References

Timeline