Your submission was sent successfully! Close

CVE-2019-20044

Published: 24 February 2020

In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().

Priority

Low

CVSS 3 base score: 7.8

Status

Package Release Status
zsh
Launchpad, Ubuntu, Debian
Upstream
Released (5.8-1)
Ubuntu 21.10 (Impish Indri) Not vulnerable
(5.8-3ubuntu1)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(5.8-3ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(5.8-3ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 ESM (Xenial Xerus) Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Upstream: https://sourceforge.net/p/zsh/code/ci/24e993db62cf146fb76ebcf677a4a7aa3766fc74/
Upstream: https://sourceforge.net/p/zsh/code/ci/8250c5c168f07549ed646e6848e6dda118271e23/
Upstream: https://sourceforge.net/p/zsh/code/ci/26d02efa7a9b0a6b32e1a8bbc6aca6c544b94211/
Upstream: https://sourceforge.net/p/zsh/code/ci/4ce66857b71b40a0661df3780ff557f2b0f4cb13/
Upstream: https://sourceforge.net/p/zsh/code/ci/b15bd4aa590db8087d1e8f2eb1af2874f5db814d/
Upstream: https://sourceforge.net/p/zsh/code/ci/048f40b68b05fdd5f3f8d60cda4e69fce2611331/
Upstream: https://sourceforge.net/p/zsh/code/ci/4bec892059cf3e95ab256c3fcbc85daaa648c2d9/

Notes

AuthorNote
mdeslaur
reproducer in debian bug
low priority since upstream considers this to be a
"minor vulnerability"

References

Bugs