Sign in Get started

← All advisories

Unrated severityNVD Advisory· Published Apr 20, 1999· Updated Apr 16, 2026

CVE-1999-0491

CVE-1999-0491

Description

The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute.

Affected products

17

GNU/Bash17 versions
cpe:2.3:a:gnu:bash:*:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:gnu:bash:*:*:*:*:*:*:*:*range: <=2.04
- cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:1.14.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:1.14.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:1.14.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:1.14.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:1.14.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:1.14.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:1.14.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:2.01:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:2.01.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:2.02:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:2.02.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:2.03:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:2.05:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:2.05:a:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-008.0.txtnvdPatchVendor Advisory
www.securityfocus.com/bid/119nvd
www.securityfocus.com/templates/archive.pikenvd

News mentions

0

No linked articles in our index yet.