Lucene search

[email protected]CVE-1999-0491

HistoryApr 20, 1999 - 4:00 a.m.

CVE-1999-0491

1999-04-2004:00:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-1999-0491

nvd

bash

user impersonation

local user

command execution

7.7 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

0.4%

JSON

The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute.

CPENameOperatorVersion
gnu:bashgnu basheq1.14.3
gnu:bashgnu basheq2.05
gnu:bashgnu basheq1.14.1
gnu:bashgnu basheq2.01
gnu:bashgnu basheq2.0
gnu:bashgnu basheq2.01.1
gnu:bashgnu basheq1.14.7
gnu:bashgnu basheq1.14.6
gnu:bashgnu basheq1.14.2
gnu:bashgnu basheq1.14.4

CPE	Name	Operator	Version
gnu:bash	gnu bash	eq	1.14.3
gnu:bash	gnu bash	eq	2.05
gnu:bash	gnu bash	eq	1.14.1
gnu:bash	gnu bash	eq	2.01
gnu:bash	gnu bash	eq	2.0
gnu:bash	gnu bash	eq	2.01.1
gnu:bash	gnu bash	eq	1.14.7
gnu:bash	gnu bash	eq	1.14.6
gnu:bash	gnu bash	eq	1.14.2
gnu:bash	gnu bash	eq	1.14.4

Rows per page:

1-10 of 161

References

ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-008.0.txt

www.securityfocus.com/bid/119

www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9904202114070.6623-100000%40smooth.Operator.org

7.7 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

0.4%

JSON