CVE-1999-1048

Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local attackers to gain privileges by creating an extremely large directory name, which is inserted into the password prompt via the \w option in the PS1 environmental variable when another user changes into that directory.

Published: Sep 5, 1998
Updated: Apr 13, 2023
CVE: CVE-1999-1048
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
debian / debian_linux	1.3.1	1.3.1.x
redhat / linux	4.2	4.2.x

http://marc.info/?l=bugtraq&m=87602746719555&w=2
http://www.debian.org/security/1998/19980909
http://www.osvdb.org/8345
http://www.securityfocus.com/archive/1/10542
https://exchange.xforce.ibmcloud.com/vulnerabilities/3414

Vulnerability Database

289,599

CVE-1999-1048