CVE-2010-0002

EPSS 0.33%
Published 14.01.2010 18:30:00
Last modified 09.04.2025 00:30:58
Source secalert@redhat.com
Teams watchlist Login
Open Login

The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LS_OPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Gnu ≫ Bash Version2.05 Updateb

Gnu ≫ Bash Version3.0

Gnu ≫ Bash Version3.2

Gnu ≫ Bash Version3.2.48

Gnu ≫ Bash Version4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.33%	0.533

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.mandriva.com/security/advisories?name=MDVSA-2010:004

Patch

Vendor Advisory

https://qa.mandriva.com/show_bug.cgi?id=56882

https://nvd.nist.gov/vuln/detail/CVE-2010-0002

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-0002

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-0002

EUVD