PT-2000-1001 · Tenex+3 · Tcsh+4
Published: 2000-11-30 · Updated: 2018-12-11 · CVE-2000-1134
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
bash version 1.14.7
tcsh version 6.10
sh (affected versions not specified)
csh (affected versions not specified)
Description
The issue affects multiple shell programs on Unix systems, including bash, tcsh, csh, and sh. It allows local users to exploit a symlink attack when the shell programs follow symlinks while processing redirects, potentially leading to the overwrite of other users' files. This could compromise the confidentiality, integrity, and availability of protected information. The exploitation can be carried out locally.
Recommendations
For bash version 1.14.7, consider restricting access to sensitive files until a patch is available.
For tcsh version 6.10, avoid using the << redirect feature in scripts that handle sensitive data.
For sh and csh, as a temporary workaround, consider disabling the use of symlinks in redirects until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
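A script-level way to keep a redirect from following a planted symlink, as an added example that is not part of the advisory or any vendor fix: it combines a symlink check with the shell's noclobber option and a private scratch directory. The function names and file names are hypothetical, and the scenario in selftest is constructed.

```shell
#!/bin/sh
# Added example, not from the advisory. Function and file names are hypothetical.

# write_no_follow DEST: copy stdin to DEST only when nothing exists at DEST.
# Returns non-zero if DEST is a symlink (even a dangling one) or an existing file.
write_no_follow() {
    dest=$1
    # -L is true for any symlink, including one whose target does not exist.
    if [ -L "$dest" ]; then
        echo "refusing: $dest is a symlink" >&2
        return 1
    fi
    # noclobber (set -C) makes '>' fail on an existing file; bash and dash then
    # create the new file with O_EXCL, which covers the gap between the check
    # above and the open. The subshell keeps the option from leaking out.
    ( set -C; cat > "$dest" ) 2>/dev/null
}

# private_workdir: print the path of a fresh mode-0700 directory, so scratch
# files never sit in a world-writable directory under a guessable name.
private_workdir() {
    mktemp -d "${TMPDIR:-/tmp}/work.XXXXXX"
}

# selftest: constructed scenario. A symlink at the output path points at a
# file standing in for another user's data; the write must leave it intact.
selftest() {
    dir=$(private_workdir) || return 1
    printf 'original\n' > "$dir/victim"
    ln -s "$dir/victim" "$dir/report.out"       # planted link (constructed)
    ln -s "$dir/missing" "$dir/dangling.out"    # dangling link (constructed)
    rc=0
    echo new | write_no_follow "$dir/report.out" 2>/dev/null && rc=1
    echo new | write_no_follow "$dir/dangling.out" 2>/dev/null && rc=1
    [ "$(cat "$dir/victim")" = "original" ] || rc=1   # target untouched
    [ ! -e "$dir/missing" ] || rc=1                   # nothing created via link
    echo new | write_no_follow "$dir/fresh.out" || rc=1
    [ "$(cat "$dir/fresh.out")" = "new" ] || rc=1     # normal write still works
    rm -rf "$dir"
    return $rc
}
```

Calling selftest returns 0 when both symlinked paths are refused and the ordinary write succeeds.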
Exploit
Related identifiers
Affected products
Alt Linux
Bash
Csh
Sh
Tcsh