PublicDateAtUSN: 2020-02-24 14:15:00 UTC Candidate: CVE-2019-20044 PublicDate: 2020-02-24 14:15:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20044 https://www.zsh.org/mla/zsh-announce/141 https://ubuntu.com/security/notices/USN-5325-1 Description: In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid(). Ubuntu-Description: Notes: mdeslaur> reproducer in debian bug mdeslaur> low priority since upstream considers this to be a mdeslaur> "minor vulnerability" rodrigo-zaiden> affects versions prior to 5.8, so only xenial and bionic rodrigo-zaiden> needed to be patched. Mitigation: Bugs: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951458 Priority: low Discovered-by: Sam Foxman Assigned-to: CVSS: nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH] Patches_zsh: upstream: https://sourceforge.net/p/zsh/code/ci/24e993db62cf146fb76ebcf677a4a7aa3766fc74/ upstream: https://sourceforge.net/p/zsh/code/ci/8250c5c168f07549ed646e6848e6dda118271e23/ upstream: https://sourceforge.net/p/zsh/code/ci/26d02efa7a9b0a6b32e1a8bbc6aca6c544b94211/ upstream: https://sourceforge.net/p/zsh/code/ci/4ce66857b71b40a0661df3780ff557f2b0f4cb13/ upstream: https://sourceforge.net/p/zsh/code/ci/b15bd4aa590db8087d1e8f2eb1af2874f5db814d/ upstream: https://sourceforge.net/p/zsh/code/ci/048f40b68b05fdd5f3f8d60cda4e69fce2611331/ upstream: https://sourceforge.net/p/zsh/code/ci/4bec892059cf3e95ab256c3fcbc85daaa648c2d9/ upstream_zsh: released (5.8-1) precise/esm_zsh: DNE trusty_zsh: ignored (out of standard support) trusty/esm_zsh: DNE xenial_zsh: ignored (end of standard support, was needs-triage) esm-infra/xenial_zsh: released (5.1.1-1ubuntu2.3+esm1) bionic_zsh: released (5.4.2-3ubuntu3.2) eoan_zsh: ignored (reached end-of-life) focal_zsh: not-affected (5.8-3ubuntu1) groovy_zsh: not-affected (5.8-3ubuntu1) hirsute_zsh: not-affected (5.8-3ubuntu1) impish_zsh: not-affected (5.8-3ubuntu1) devel_zsh: not-affected (5.8-3ubuntu1)