CVE-2010-0002
published 2010-01-14CVE-2010-0002: The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in…
low2.1CVSS 3.1
AVLACLAuNCNINAP
EXPLOIT
The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LS_OPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | bash | — | — |
| gnu | bash | — | — |
| gnu | bash | — | — |
| gnu | bash | — | — |
| gnu | bash | — | — |
| gnu | bash | — | — |