CVE-1999-1048 : Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local attackers to gain privileges by creating an extre

Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local attackers to gain privileges by creating an extremely large directory name, which is inserted into the password prompt via the \w option in the PS1 environmental variable when another user changes into that directory.

Published 1998-09-05 04:00:00

Updated 2017-10-10 01:29:02

Source MITRE

View at NVD, CVE.org

Vulnerability category: Overflow

Exploit prediction scoring system (EPSS) score for CVE-1999-1048

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-1999-1048

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-1999-1048

http://www.debian.org/security/1998/19980909

Patch;Vendor Advisory
http://www.securityfocus.com/archive/1/10542

Exploit;Vendor Advisory
http://marc.info/?l=bugtraq&m=87602746719555&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/3414

Products affected by CVE-1999-1048

Debian » Debian Linux » Version: 1.3.1
cpe:2.3:o:debian:debian_linux:1.3.1:*:*:*:*:*:*:*
Matching versions
Redhat » Linux » Version: 4.2
cpe:2.3:o:redhat:linux:4.2:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-1999-1048

Exploit prediction scoring system (EPSS) score for CVE-1999-1048

CVSS scores for CVE-1999-1048

References for CVE-1999-1048

Products affected by CVE-1999-1048