PT-2017-4059 · Zsh+5

Richard Maciel Costa · Published 2017-12-04 · Updated 2024-06-15 · CVE-2018-1100

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
zsh versions 5.4.2 and earlier

Description
The issue is related to a stack-based buffer overflow in the checkmailpath function, located in utils.c. This could allow a local attacker to execute arbitrary code in the context of another user, potentially leading to unauthorized access to confidential data, disruption of data integrity, and denial of service.

Recommendations
For zsh versions 5.4.2 and earlier, consider disabling the checkmailpath function as a temporary workaround until a patch is available. Restrict access to sensitive data and ensure proper user privileges to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

ALT-PU-2018-2144
BDU:2021-01390
CESA-2018_1932
CESA-2018_3073
CVE-2018-1100
DLA-2470-1
OPENSUSE-SU-2018_1893-1
OPENSUSE-SU-2018_2966-1
OPENSUSE-SU-2024:11543-1
RHSA-2018:1932
RHSA-2018:3073
RHSA-2018_1932
RHSA-2018_3073
SUSE-SU-2018:1037-1
SUSE-SU-2018:1874-1
SUSE-SU-2018_1037-1
SUSE-SU-2022:0733-1
SUSE-SU-2022_0733-1
USN-3764-1

Affected Products

Alt Linux
CentOS
Red Hat
SUSE
Ubuntu
Zsh