Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-0002

Severity: 2.1 LOW
EPSS: 0.3% (top 43.83%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Jan 14
Latest update: May 2

Description

The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LS_OPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename.

CVSS vector

AV:L/AC:L/C:N/I:N/A:P
Exploitability: 3.9 | Impact: 2.9

Affected Packages (1 package)

NVD: gnu/bash (5 versions)

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-f3jx-26gh-ppcx: The /etc/profile (2022-05-02)
CVEList: CVE-2010-0002: The /etc/profile (2010-01-14)

💥 Exploits & PoCs (1)

Exploit-DB: GNU Bash 4.0 - 'ls' Control Character Command Injection (2010-01-13)

📋 Vendor Advisories (1)

Debian: CVE-2010-0002: bash - The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b... (2010)