CVE-1999-0491 – GNU GNU bash 1.14 - Path Embedded Code Execution
https://notcve.org/view.php?id=CVE-1999-0491
The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute. • https://www.exploit-db.com/exploits/19095 ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-008.0.txt http://www.securityfocus.com/bid/119 http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9904202114070.6623-100000%40smooth.Operator.org • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-1999-1383
https://notcve.org/view.php?id=CVE-1999-1383
(1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters (` back-tick), which can cause the commands enclosed in the directory name to be executed when the shell expands filenames using the \w option in the PS1 variable. • http://marc.info/?l=bugtraq&m=87602167419868&w=2 http://www.dataguard.no/bugtraq/1996_3/0503.html • CWE-264: Permissions, Privileges, and Access Controls •