CVE-2010-0002

GNU Bash - Improper Input Validation

Title source: rule

Description

The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LS_OPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Eric Piel · textlocallinux

https://www.exploit-db.com/exploits/33508

View Code ZIP pw:eip

References (2)

[Patch, Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDVSA-2010:004

[Various Sources] https://qa.mandriva.com/show_bug.cgi?id=56882

Scores

EPSS 0.0033

EPSS Percentile 55.7%

Classification

CWE

CWE-20

Status draft

Affected Products (5)

gnu/bash

gnu/bash

gnu/bash

gnu/bash

gnu/bash

Timeline

Published Jan 14, 2010

Tracked Since Feb 18, 2026