Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-20044

Опубликовано: 16 фев. 2020
Источник: redhat
CVSS3: 7.8
EPSS Низкий

Описание

In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().

A flaw was found in zsh. When unsetting the PRIVILEGED option, the shell sets its effective user and group IDs to match their respective real IDs. When the RUID and EUID were both non-zero, it is possible to regain the shell's former privileges. Also, the setopt built-in did not correctly report errors when unsetting the option, which prevented users from handling them as the documentation recommended. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5zshOut of support scope
Red Hat Enterprise Linux 6zshFixedRHSA-2020:089218.03.2020
Red Hat Enterprise Linux 7zshFixedRHSA-2020:085317.03.2020
Red Hat Enterprise Linux 8zshFixedRHSA-2020:090319.03.2020
Red Hat Enterprise Linux 8zshFixedRHSA-2020:090319.03.2020
Red Hat Enterprise Linux 8.0 Update Services for SAP SolutionszshFixedRHSA-2020:097826.03.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-271
https://bugzilla.redhat.com/show_bug.cgi?id=1804859zsh: insecure dropping of privileges when unsetting PRIVILEGED option

EPSS

Процентиль: 21%
0.00068
Низкий

7.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-20044

CVSS3: 7.8
ubuntu
почти 6 лет назад

In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().

nvd логотип

CVE-2019-20044

CVSS3: 7.8
nvd
почти 6 лет назад

In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().

debian логотип

CVE-2019-20044

CVSS3: 7.8
debian
почти 6 лет назад

In Zsh before 5.8, attackers able to execute commands can regain privi ...

rocky логотип

RLSA-2020:0903

rocky
больше 5 лет назад

Important: zsh security update

github логотип

GHSA-gwf9-995r-26hx

CVSS3: 7.8
github
больше 3 лет назад

In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().

EPSS

Процентиль: 21%
0.00068
Низкий

7.8 High

CVSS3