CVE-2010-0002

Name of the Vulnerable Software and Affected Versions Bash versions 2.05b, 3.0, 3.2, 3.2.48, and 4.0

Description The issue allows local users to send escape sequences to terminal emulators or hide the existence of a file via a crafted filename, due to the /etc/profile.d/60alias.sh script enabling the --show-control-chars option in LS OPTIONS.

Recommendations For Bash version 2.05b, consider disabling the --show-control-chars option in LS OPTIONS to prevent exploitation. For Bash version 3.0, restrict the use of crafted filenames to minimize the risk of hiding file existence. For Bash version 3.2, avoid using the /etc/profile.d/60alias.sh script until a fix is available. For Bash version 3.2.48, disable the LS OPTIONS variable to prevent sending escape sequences to terminal emulators. For Bash version 4.0, remove the --show-control-chars option from LS OPTIONS to mitigate the issue.