2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
15.0%
The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LS_OPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | bash | < 5.2.15-2 | bash_5.2.15-2_all.deb |
Debian | 11 | all | bash | < 5.1-2+deb11u1 | bash_5.1-2+deb11u1_all.deb |
Debian | 10 | all | bash | < 5.0-4 | bash_5.0-4_all.deb |
Debian | 999 | all | bash | < 5.2.21-2 | bash_5.2.21-2_all.deb |
Debian | 13 | all | bash | < 5.2.21-2 | bash_5.2.21-2_all.deb |