GNU Bash 1.14.0 up to 1.14.6 Back-Tick access control


A vulnerability was found in GNU Bash 1.14.0 up to 1.14.6. It has been declared as problematic. The vulnerability affects an unknown part of the component Back-Tick Handler. Upgrading eliminates this vulnerability.

| Field | 06/17/2014 05:26 PM | 05/18/2018 09:22 AM |
|---|---|---|
| cve_nvd_summary | (1) bash before 1.14.7 and (2) tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters (` back-tick) which can cause the commands enclosed in the directory name to be executed when the shell expands filenames using the \w option in the ps1 variable. | (1) bash before 1.14.7 and (2) tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters (` back-tick) which can cause the commands enclosed in the directory name to be executed when the shell expands filenames using the \w option in the ps1 variable. |
| cvss3_vuldb_ui | N | N |
| cvss2_vuldb_e | ND | ND |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_rc | ND | ND |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | X | X |
| cvss3_vuldb_av | L | L |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |
| vendor | GNU | GNU |
| name | Bash | Bash |
| version | 1.14.0/1.14.1/1.14.2/1.14.3/1.14.4/1.14.5/1.14.6 | 1.14.0/1.14.1/1.14.2/1.14.3/1.14.4/1.14.5/1.14.6 |
| component | Back-Tick Handler | Back-Tick Handler |
| affectedlist | GNU Bash up to 1.14.6 tcsh 6.05 | GNU Bash up to 1.14.6 tcsh 6.05 |
| cwe | 264 (privilege escalation) | 264 (privilege escalation) |
| risk | 1 | 1 |
| historic | 1 | 1 |
| cvss2_vuldb_basescore | 4.6 | 4.6 |
| cvss2_vuldb_tempscore | 4.0 | 4.0 |
| cvss2_vuldb_av | L | L |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_au | N | N |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss3_meta_basescore | 5.9 | 5.9 |
| cvss3_meta_tempscore | 5.7 | 5.7 |
| cvss3_vuldb_basescore | 5.9 | 5.9 |
| cvss3_vuldb_tempscore | 5.7 | 5.7 |
| date | 842572800 (09/13/1996) | 842572800 (09/13/1996) |
| location | Bugtraq | Bugtraq |
| type | Posting | Posting |
| url | http://marc.theaimsgroup.com/?l=bugtraq&m=87602167419868&w=2 | http://marc.theaimsgroup.com/?l=bugtraq&m=87602167419868&w=2 |
| price_0day | $0-$5k | $0-$5k |
| name | Upgrade | Upgrade |
| cve | CVE-1999-1383 | CVE-1999-1383 |
| cve_nvd_published | 842572800 | 842572800 |

cvss2_nvd_av: L
cvss2_nvd_ac: L
cvss2_nvd_au: N
cvss2_nvd_ci: P
cvss2_nvd_ii: P
cvss2_nvd_ai: P
