PT-2018-3619 · Zsh+5 · Zsh+5

Daniel Shahaf

Publicado

2018-07-05

Atualizado

2024-06-15

CVE-2018-13259

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions zsh versions prior to 5.6

Description An issue was discovered in zsh where shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one. This could allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations For versions prior to 5.6, update to version 5.6 or later to resolve the issue. As a temporary workaround, consider avoiding the use of shebang lines exceeding 64 characters until a patch is available. Restrict access to sensitive data and systems to minimize the risk of exploitation.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALT-PU-2018-2654

BDU:2021-01388

CESA-2019_2017

CVE-2018-13259

DLA-2470-1

OPENSUSE-SU-2018_2741-1

OPENSUSE-SU-2018_2966-1

OPENSUSE-SU-2024:11543-1

RHSA-2019:2017

RHSA-2019_2017

SUSE-SU-2018:2686-1

SUSE-SU-2022:0161-1

SUSE-SU-2022:14910-1

SUSE-SU-2022_14910-1

USN-3764-1

Produtos afetados

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Zsh

PT-2018-3619 · Zsh+5 · Zsh+5

CVE-2018-13259

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 99