3 matches found
CVE-2012-3410
CVE-2012-3410 describes a stack-based buffer overflow in GNU Bash (lib/sh/eaccess.c) that occurs when expanding the /dev/fd prefix. Before Bash 4.2 patch 33, a long filename in /dev/fd could allow local users to bypass intended restricted shell access. The vulnerability’s impact is described as a...
CVE-1999-0491
CVE-1999-0491 involves a vulnerability in the bash prompt parsing that lets a local user run commands as another user by creating a directory named after the command to execute. Affected component: bash prompt parsing. Root cause: command-name directory expansion during prompt handling enables pr...
CVE-1999-1383
CVE-1999-1383 affects bash (before 1.14.7) and tcsh (6.05). The vulnerability arises when a directory name contains shell metacharacters (back-tick) that are expanded during filename expansion for the PS1 variable, allowing local users to gain privileges. Affects local privilege escalation via di...