CVE-1999-0491 Information

Description

The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute.

Reference

ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-008.0.txt http://www.securityfocus.com/bid/119 http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9904202114070.6623-100000@smooth.Operator.org