Lucene search

[email protected]CVE-2010-0002

HistoryOct 03, 2022 - 4:21 p.m.

CVE-2010-0002

2022-10-0316:21:13

CWE-20

[email protected]

web.nvd.nist.gov

cve-2010-0002

mandriva

bash package

bash

ls_options

escape sequences

terminal emulators

security vulnerability

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

16.1%

JSON

The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LS_OPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename.

Affected configurations

NVD

Node

gnubashMatch2.05b

gnubashMatch3.0

gnubashMatch3.2

gnubashMatch3.2.48

gnubashMatch4.0

CPENameOperatorVersion
gnu:bashgnu basheq2.05
gnu:bashgnu basheq3.0
gnu:bashgnu basheq3.2
gnu:bashgnu basheq3.2.48
gnu:bashgnu basheq4.0

CPE	Name	Operator	Version
gnu:bash	gnu bash	eq	2.05
gnu:bash	gnu bash	eq	3.0
gnu:bash	gnu bash	eq	3.2
gnu:bash	gnu bash	eq	3.2.48
gnu:bash	gnu bash	eq	4.0

References

www.mandriva.com/security/advisories?name=MDVSA-2010:004

qa.mandriva.com/show_bug.cgi?id=56882

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

16.1%

JSON

Related for CVE-2010-0002

cvelist1 ubuntucve1 prion1 securityvulns2 nvd1 debiancve1 nessus1 openvas2