CVE-2019-20044
N/A
N/A
Summary
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the –no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://zsh.sourceforge.net/releases.html
- https://github.com/XMB5/zsh-privileged-upgrade
- https://www.zsh.org/mla/zsh-announce/141
- https://lists.debian.org/debian-lts-announce/2020/03/msg00004.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP64FFIZI2CKQOEAOI5A72PVQULE7ZZC/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PN5V7MPHRRP7QNHOEK56S7QGRU53WUN6/
- https://security.gentoo.org/glsa/202003-55
- https://support.apple.com/kb/HT211170
- https://support.apple.com/kb/HT211175
- https://support.apple.com/kb/HT211171
- https://support.apple.com/kb/HT211168
- http://seclists.org/fulldisclosure/2020/May/49
- http://seclists.org/fulldisclosure/2020/May/55
- http://seclists.org/fulldisclosure/2020/May/53
- http://seclists.org/fulldisclosure/2020/May/59
- https://support.apple.com/HT211168
- https://support.apple.com/HT211170
- https://support.apple.com/HT211171
- https://support.apple.com/HT211175
- https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html
References
- http://zsh.sourceforge.net/releases.html
- https://github.com/XMB5/zsh-privileged-upgrade
- https://www.zsh.org/mla/zsh-announce/141
- https://lists.debian.org/debian-lts-announce/2020/03/msg00004.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP64FFIZI2CKQOEAOI5A72PVQULE7ZZC/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PN5V7MPHRRP7QNHOEK56S7QGRU53WUN6/
- https://security.gentoo.org/glsa/202003-55
- https://support.apple.com/kb/HT211170
- https://support.apple.com/kb/HT211175
- https://support.apple.com/kb/HT211171
- https://support.apple.com/kb/HT211168
- http://seclists.org/fulldisclosure/2020/May/49
- http://seclists.org/fulldisclosure/2020/May/55
- http://seclists.org/fulldisclosure/2020/May/53
- http://seclists.org/fulldisclosure/2020/May/59
- https://support.apple.com/HT211168
- https://support.apple.com/HT211170
- https://support.apple.com/HT211171
- https://support.apple.com/HT211175
- https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.