Total vulnerabilities in the database
The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LS_OPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename.
| Software | From | Fixed in |
|---|---|---|
| gnu / bash | 3.2.48 | 3.2.48.x |
| gnu / bash | 2.05-b | 2.05-b.x |
| gnu / bash | 3.0 | 3.0.x |
| gnu / bash | 4.0 | 4.0.x |
| gnu / bash | 3.2 | 3.2.x |