Your submission was sent successfully! Close

CVE-2019-20044

Published: 24 February 2020

In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().

Priority

Low

CVSS 3 base score: 7.8

Status

Package Release Status
zsh
Launchpad, Ubuntu, Debian
bionic
Released (5.4.2-3ubuntu3.2)
eoan Ignored
(reached end-of-life)
focal Not vulnerable
(5.8-3ubuntu1)
groovy Not vulnerable
(5.8-3ubuntu1)
hirsute Not vulnerable
(5.8-3ubuntu1)
impish Not vulnerable
(5.8-3ubuntu1)
precise Does not exist

trusty Does not exist

upstream
Released (5.8-1)
xenial
Released (5.1.1-1ubuntu2.3+esm1)

Notes

AuthorNote
mdeslaur
reproducer in debian bug
low priority since upstream considers this to be a
"minor vulnerability"
rodrigo-zaiden
affects versions prior to 5.8, so only xenial and bionic
needed to be patched.

References

Bugs