CVE-2010-0002

Bash - Terminal Escape Sequence Injection via LS_OPTIONS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-0002. PoCs published by Eric Piel.

AI-analyzed exploit summary: This exploit demonstrates a command injection vulnerability in GNU Bash due to improper sanitization of control characters in the 'ls' command. By creating a directory with a crafted name containing backspace characters, an attacker can manipulate the displayed output to execute arbitrary commands.

Description

The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LS_OPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Eric Piel · text · local · linux
https://www.exploit-db.com/exploits/33508


Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: GNU Bash (versions affected by CVE-2010-0002)
No auth needed
Prerequisites: Access to a terminal where GNU Bash is used · Ability to create directories
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Patch, Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:004
Various Sources x_refsource_confirm
https://qa.mandriva.com/show_bug.cgi?id=56882

Scores

EPSS 0.0033
EPSS Percentile 56.2%

Details

CWE CWE-20
Status published
Products (5)
gnu/bash 2.05 b
gnu/bash 3.0
gnu/bash 3.2
gnu/bash 3.2.48
gnu/bash 4.0
Published Jan 14, 2010
Tracked Since Feb 18, 2026