Lucene search

[email protected]NVD:CVE-1999-0491

HistoryApr 20, 1999 - 4:00 a.m.

CVE-1999-0491

1999-04-2004:00:00

CWE-94

[email protected]

web.nvd.nist.gov

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

0.4%

JSON

The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute.

Affected configurations

NVD

Node

gnubashRange≤2.04

gnubashMatch1.14.0

gnubashMatch1.14.1

gnubashMatch1.14.2

gnubashMatch1.14.3

gnubashMatch1.14.4

gnubashMatch1.14.5

gnubashMatch1.14.6

gnubashMatch1.14.7

gnubashMatch2.0

gnubashMatch2.01

gnubashMatch2.01.1

gnubashMatch2.02

gnubashMatch2.02.1

gnubashMatch2.03

gnubashMatch2.05

gnubashMatch2.05a

References

ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-008.0.txt

www.securityfocus.com/bid/119

www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9904202114070.6623-100000%40smooth.Operator.org

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for NVD:CVE-1999-0491

cvelist1 cve1