CVE-2010-0002 Information

Description

The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b 3.0 3.2 3.2.48 and 4.0 enables the –show-control-chars option in LS_OPTIONS which allows local users to send escape sequences to terminal emulators or hide the existence of a file via a crafted filename.

Reference

http://www.mandriva.com/security/advisories?name=MDVSA-2010:004 https://qa.mandriva.com/show_bug.cgi?id=56882