Local User Vulnerability in Bash Package for Mandriva
CVE-2010-0002

Currently unrated

Key Information:

Vendor: Gnu
Status: Bash
Vendor: CVE Published:; 14 January 2010

Summary

The vulnerability in the Mandriva bash package allows local users to leverage the --show-control-chars option in the LS_OPTIONS variable. This can enable them to send crafted escape sequences to terminal emulators, possibly manipulating the display output in a way that obscures certain files. Such exploitation can pose significant risks, leading to unauthorized actions and information hiding within user environments.

References

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

https://qa.mandriva.com/show_bug.cgi?id=56882

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jan 14, 2010