CVE-2019-20044

Sažetak

In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().

Reference

http://zsh.sourceforge.net/releases.html
https://github.com/XMB5/zsh-privileged-upgrade
https://www.zsh.org/mla/zsh-announce/141
https://lists.debian.org/debian-lts-announce/2020/03/msg00004.html
https://security.gentoo.org/glsa/202003-55
https://support.apple.com/kb/HT211175
https://support.apple.com/kb/HT211170
https://support.apple.com/kb/HT211171
https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html
https://support.apple.com/HT211175
https://support.apple.com/HT211171
https://support.apple.com/HT211170
https://support.apple.com/HT211168
http://seclists.org/fulldisclosure/2020/May/53
http://seclists.org/fulldisclosure/2020/May/55
http://seclists.org/fulldisclosure/2020/May/59
http://seclists.org/fulldisclosure/2020/May/49
https://support.apple.com/kb/HT211168
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP64FFIZI2CKQOEAOI5A72PVQULE7ZZC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PN5V7MPHRRP7QNHOEK56S7QGRU53WUN6/

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

07-11-2023 - 03:08

Objavljeno

24-02-2020 - 14:15