The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LS_OPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename.
CVSS Score
2.1
EPSS Score
0.003
Published
2010-01-14
The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute.
CVSS Score
4.6
EPSS Score
0.003
Published
1999-04-20
Page 2