| Vulnerability Name: | CVE-1999-1048 (CCN-3414) | ||||||||
| Assigned: | 1998-09-05 | ||||||||
| Published: | 1998-09-05 | ||||||||
| Updated: | 2017-10-10 | ||||||||
| Summary: | Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local attackers to gain privileges by creating an extremely large directory name, which is inserted into the password prompt via the \w option in the PS1 environmental variable when another user changes into that directory. | ||||||||
| CVSS v3 Severity: | 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: Caldera International, Inc. Security Advisory SA-1998.33 Buffer overflow in BASH Source: CCN Type: BugTraq Mailing List, Sat, 5 Sep 1998 21:28:05 +0000 BASH buffer overflow, LiNUX x86 exploit Source: MITRE Type: CNA CVE-1999-1048 Source: BUGTRAQ Type: UNKNOWN 19970821 Buffer overflow in /bin/bash Source: DEBIAN Type: Patch, Vendor Advisory 19980909 problem with very long pathnames Source: DEBIAN Type: Debian Security Advisory 19980909 bash: problem with very long pathnames Source: OSVDB Type: UNKNOWN 8345 Source: CCN Type: OSVDB ID: 8345 bash \w option PS1 Environment Variable Overflow Source: CCN Type: Red Hat Linux 4.2 General Errata bash Source: BUGTRAQ Type: Exploit, Vendor Advisory 19980905 BASH buffer overflow, LiNUX x86 exploit Source: XF Type: UNKNOWN linux-bash-bo(3414) Source: XF Type: UNKNOWN linux-bash-bo(3414) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||