Description
(1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters (` back-tick), which can cause the commands enclosed in the directory name to be executed when the shell expands filenames using the \w option in the PS1 variable.
Affected products
- gnu / bash1.14.6
- gnu / bash1.14.0 – 1.14.0
- gnu / bash1.14.1 – 1.14.1
- gnu / bash1.14.2 – 1.14.2
- gnu / bash1.14.3 – 1.14.3
- gnu / bash1.14.4 – 1.14.4
- gnu / bash1.14.5 – 1.14.5
- tcsh / tcsh6.05 – 6.05