CVE-2014-10070 (retired)

Priority
Description
zsh before 5.0.7 allows evaluation of the initial values of integer
variables imported from the environment (instead of treating them as
literal numbers). That could allow local privilege escalation, under some
specific and atypical conditions where zsh is being invoked in
privilege-elevation contexts when the environment has not been properly
sanitized, such as when zsh is invoked by sudo on systems where "env_reset"
has been disabled.
Notes
Package
Source: zsh (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected
More Information

Updated: 2019-10-09 07:49:38 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)