Total vulnerabilities in the database
(1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters (` back-tick), which can cause the commands enclosed in the directory name to be executed when the shell expands filenames using the \w option in the PS1 variable.
| Software | From | Fixed in |
|---|---|---|
| gnu / bash | - | 1.14.6.x |
| tcsh / tcsh | 6.05 | 6.05.x |
| gnu / bash | 1.14.3 | 1.14.3.x |
| gnu / bash | 1.14.1 | 1.14.1.x |
| gnu / bash | 1.14.2 | 1.14.2.x |
| gnu / bash | 1.14.4 | 1.14.4.x |
| gnu / bash | 1.14.5 | 1.14.5.x |
| gnu / bash | 1.14.0 | 1.14.0.x |