Unrated severityNVD Advisory· Published Sep 13, 1996· Updated Apr 16, 2026

CVE-1999-1383

Description

(1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters (` back-tick), which can cause the commands enclosed in the directory name to be executed when the shell expands filenames using the \w option in the PS1 variable.

Affected products

GNU/Bash7 versions
cpe:2.3:a:gnu:bash:*:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:gnu:bash:*:*:*:*:*:*:*:*range: <=1.14.6
- cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:1.14.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:1.14.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:1.14.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:1.14.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:bash:1.14.5:*:*:*:*:*:*:*
Tcsh/Tcsh
cpe:2.3:a:tcsh:tcsh:6.05:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.dataguard.no/bugtraq/1996_3/0503.htmlnvdExploitPatchVendor Advisory
marc.infonvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000