CVE-1999-1048

Published Sep 5, 1998

Last updated 7 years ago

Overview

Description: Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local attackers to gain privileges by creating an extremely large directory name, which is inserted into the password prompt via the \w option in the PS1 environmental variable when another user changes into that directory.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.6
Impact score: 6.4
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:1.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A632089-47D7-410D-AE12-F801193FA18F"
          },
          {
            "criteria": "cpe:2.3:o:redhat:linux:4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F299301C-6BFC-436C-9CFD-2E291D3702AE"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References