CVE-1999-1383
GNU Ba — CWE-264
- Published: 1996-09-13T04:00:00.000
- Last modified: 2025-04-03T01:03:51.193
- Vendors: GNU
- Products: Ba
- CWE: CWE-264
CVE-1999-1383 — (1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters (` back-tick), which can cause the commands enclosed in the directory name to be executed when the shell expands filenames using the w option in the PS1 variable. [Weakness: CWE-264]
Related CVE by CWE
No related CWE found.
Top CVE for Vendor
No items for this vendor.
Recently Exploited Similar Vulnerabilities
No recent KEV-listed items for this vendor/product.
(1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters (` back-tick), which can cause the commands enclosed in the directory name to be executed when the shell expands filenames using the w option in the PS1 variable.
🧠 Explainer: What this vulnerability means
Summary: This vulnerability affects Ba by GNU (CWE: unspecified).
Impact: It may allow privilege escalation, data exposure, or service interruption.
Mitigation: Upgrade immediately to the remediated release and follow vendor hardening guidance.
- http://marc.info/?l=bugtraq&m=87602167419868&w=2 []
- http://www.dataguard.no/bugtraq/1996_3/0503.html [Exploit, Patch, Vendor Advisory]
- http://marc.info/?l=bugtraq&m=87602167419868&w=2 []
- http://www.dataguard.no/bugtraq/1996_3/0503.html [Exploit, Patch, Vendor Advisory]