Vulnerability Details : CVE-1999-1048
Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local attackers to gain privileges by creating an extremely large directory name, which is inserted into the password prompt via the \w option in the PS1 environmental variable when another user changes into that directory.
Vulnerability category: Overflow
Exploit prediction scoring system (EPSS) score for CVE-1999-1048
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-1999-1048
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST |
References for CVE-1999-1048
-
http://www.debian.org/security/1998/19980909
Patch;Vendor Advisory
-
http://www.securityfocus.com/archive/1/10542
Exploit;Vendor Advisory
-
http://marc.info/?l=bugtraq&m=87602746719555&w=2
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/3414
Products affected by CVE-1999-1048
- cpe:2.3:o:debian:debian_linux:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:linux:4.2:*:*:*:*:*:*:*