PT-2019-5765 · Zsh Developers+7 · Zsh+7

Sam Foxman

Published

2019-12-27

Updated

2024-06-15

CVE-2019-20044

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Zsh versions prior to 5.8

Description The issue is related to the incorrect overwriting of the saved uid in the Zsh command-line shell, allowing attackers who can execute commands to regain dropped privileges. This can be achieved by executing MODULE PATH=/dir/with/module zmodload with a module that calls setuid(), thus restoring the original privileges. The exploitation of this issue may allow an attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations For versions prior to 5.8, update to version 5.8 or later to resolve the issue. As a temporary workaround, consider restricting the use of the zmodload command with modules that call setuid() to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-273

Related Identifiers

ALSA-2020:0903

BDU:2021-01493

CESA-2020_0853

CESA-2020_0892

CESA-2020_0903

CVE-2019-20044

DLA-2117-1

DLA-2470-1

MGASA-2020-0107

OPENSUSE-SU-2022:0735-1

OPENSUSE-SU-2022_0735-1

OPENSUSE-SU-2024:11543-1

RHSA-2020:0853

RHSA-2020:0892

RHSA-2020:0903

RHSA-2020:0978

RHSA-2020_0853

RHSA-2020_0892

RHSA-2020_0903

RLSA-2020:0903

SUSE-SU-2022:0732-1

SUSE-SU-2022:0733-1

SUSE-SU-2022:0735-1

SUSE-SU-2022:14910-1

SUSE-SU-2022_0732-1

SUSE-SU-2022_0735-1

SUSE-SU-2022_14910-1

USN-5325-1

Affected Products

Almalinux

Centos

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

Zsh

PT-2019-5765 · Zsh Developers+7 · Zsh+7

CVE-2019-20044

Weakness Enumeration

Related Identifiers

Affected Products

References · 141