Описание
In utils.c in zsh before 5.4, symlink expansion had a buffer overflow.
A buffer overflow flaw was found in the zsh shell symbolic link resolver. A local, unprivileged user can create a specially crafted directory path which leads to a buffer overflow in the context of the user trying to do a symbolic link resolution in the aforementioned path. If the user affected is privileged, this leads to privilege escalation.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | zsh | Will not fix | ||
| Red Hat Enterprise Linux 8 | zsh | Not affected | ||
| Red Hat Enterprise Linux 6 | zsh | Fixed | RHSA-2018:1932 | 19.06.2018 |
| Red Hat Enterprise Linux 7 | zsh | Fixed | RHSA-2018:3073 | 30.10.2018 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
In utils.c in zsh before 5.4, symlink expansion had a buffer overflow.
In utils.c in zsh before 5.4, symlink expansion had a buffer overflow.
In utils.c in zsh before 5.4, symlink expansion had a buffer overflow.
In utils.c in zsh before 5.4, symlink expansion had a buffer overflow.
EPSS
7.5 High
CVSS3