{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid()."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-12-01T06:06:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://zsh.sourceforge.net/releases.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/XMB5/zsh-privileged-upgrade"}, {"tags": ["x_refsource_MISC"], "url": "https://www.zsh.org/mla/zsh-announce/141"}, {"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2117-1] zsh security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00004.html"}, {"name": "FEDORA-2020-3f38f3e517", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP64FFIZI2CKQOEAOI5A72PVQULE7ZZC/"}, {"name": "FEDORA-2020-9009363f0f", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PN5V7MPHRRP7QNHOEK56S7QGRU53WUN6/"}, {"name": "GLSA-202003-55", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202003-55"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT211170"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT211175"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT211171"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT211168"}, {"name": "20200529 APPLE-SA-2020-05-26-1 iOS 13.5 and iPadOS 13.5", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2020/May/49"}, {"name": "20200529 APPLE-SA-2020-05-26-5 watchOS 6.2.5", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2020/May/55"}, {"name": "20200529 APPLE-SA-2020-05-26-3 macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2020/May/53"}, {"name": "20200529 APPLE-SA-2020-05-26-4 tvOS 13.4.5", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2020/May/59"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT211168"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT211170"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT211171"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT211175"}, {"name": "[debian-lts-announce] 20201201 [SECURITY] [DLA 2470-1] zsh security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-20044", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid()."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://zsh.sourceforge.net/releases.html", "refsource": "MISC", "url": "http://zsh.sourceforge.net/releases.html"}, {"name": "https://github.com/XMB5/zsh-privileged-upgrade", "refsource": "MISC", "url": "https://github.com/XMB5/zsh-privileged-upgrade"}, {"name": "https://www.zsh.org/mla/zsh-announce/141", "refsource": "MISC", "url": "https://www.zsh.org/mla/zsh-announce/141"}, {"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2117-1] zsh security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00004.html"}, {"name": "FEDORA-2020-3f38f3e517", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FP64FFIZI2CKQOEAOI5A72PVQULE7ZZC/"}, {"name": "FEDORA-2020-9009363f0f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PN5V7MPHRRP7QNHOEK56S7QGRU53WUN6/"}, {"name": "GLSA-202003-55", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-55"}, {"name": "https://support.apple.com/kb/HT211170", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT211170"}, {"name": "https://support.apple.com/kb/HT211175", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT211175"}, {"name": "https://support.apple.com/kb/HT211171", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT211171"}, {"name": "https://support.apple.com/kb/HT211168", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT211168"}, {"name": "20200529 APPLE-SA-2020-05-26-1 iOS 13.5 and iPadOS 13.5", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/May/49"}, {"name": "20200529 APPLE-SA-2020-05-26-5 watchOS 6.2.5", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/May/55"}, {"name": "20200529 APPLE-SA-2020-05-26-3 macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/May/53"}, {"name": "20200529 APPLE-SA-2020-05-26-4 tvOS 13.4.5", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/May/59"}, {"name": "https://support.apple.com/HT211168", "refsource": "CONFIRM", "url": "https://support.apple.com/HT211168"}, {"name": "https://support.apple.com/HT211170", "refsource": "CONFIRM", "url": "https://support.apple.com/HT211170"}, {"name": "https://support.apple.com/HT211171", "refsource": "CONFIRM", "url": "https://support.apple.com/HT211171"}, {"name": "https://support.apple.com/HT211175", "refsource": "CONFIRM", "url": "https://support.apple.com/HT211175"}, {"name": "[debian-lts-announce] 20201201 [SECURITY] [DLA 2470-1] zsh security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T02:32:10.480Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://zsh.sourceforge.net/releases.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/XMB5/zsh-privileged-upgrade"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.zsh.org/mla/zsh-announce/141"}, {"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2117-1] zsh security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00004.html"}, {"name": "FEDORA-2020-3f38f3e517", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP64FFIZI2CKQOEAOI5A72PVQULE7ZZC/"}, {"name": "FEDORA-2020-9009363f0f", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PN5V7MPHRRP7QNHOEK56S7QGRU53WUN6/"}, {"name": "GLSA-202003-55", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202003-55"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT211170"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT211175"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT211171"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT211168"}, {"name": "20200529 APPLE-SA-2020-05-26-1 iOS 13.5 and iPadOS 13.5", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2020/May/49"}, {"name": "20200529 APPLE-SA-2020-05-26-5 watchOS 6.2.5", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2020/May/55"}, {"name": "20200529 APPLE-SA-2020-05-26-3 macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2020/May/53"}, {"name": "20200529 APPLE-SA-2020-05-26-4 tvOS 13.4.5", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2020/May/59"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/HT211168"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/HT211170"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/HT211171"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/HT211175"}, {"name": "[debian-lts-announce] 20201201 [SECURITY] [DLA 2470-1] zsh security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-20044", "datePublished": "2020-02-24T13:09:43", "dateReserved": "2019-12-27T00:00:00", "dateUpdated": "2024-08-05T02:32:10.480Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zsh:zsh:*:*:*:*:*:*:*:*", "matchCriteriaId": "334E1948-F09E-438D-8A9F-E1D7573EC29B", "versionEndExcluding": "5.8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "9145C3CB-429B-4FB8-A0AC-B543E9FFF938", "versionEndExcluding": "13.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C09256B-04A9-4D08-A791-8022B5AC5B14", "versionEndExcluding": "13.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "99973242-A249-4C34-B042-5F833AE73708", "versionEndExcluding": "10.15.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "2DA1C24E-B74D-4C8C-931D-AE35BFB4F0CC", "versionEndExcluding": "10.13.6", "versionStartIncluding": "10.13.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E76BECE-0843-4B9F-90DE-7690764701B0", "versionEndExcluding": "10.14.6", "versionStartIncluding": "10.14.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "ABAA703D-5FAB-4773-B4A2-759685B17ACB", "versionEndExcluding": "10.15.5", "versionStartIncluding": "10.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:-:*:*:*:*:*:*", "matchCriteriaId": "297D2D0C-EA9D-4B2C-9357-D88DB6C7143A", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-002:*:*:*:*:*:*", "matchCriteriaId": "0D845143-1B4D-478B-B83E-8F1664CBCAC3", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-003:*:*:*:*:*:*", "matchCriteriaId": "23C6DF6A-9A30-4F9E-BD9C-C19D8551C6DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*", "matchCriteriaId": "754A2DF4-8724-4448-A2AB-AC5442029CB7", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*", "matchCriteriaId": "D392C777-1949-4920-B459-D083228E4688", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*", "matchCriteriaId": "68B0A232-F2A4-4B87-99EB-3A532DFA87DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-004:*:*:*:*:*:*", "matchCriteriaId": "0DF528F7-0F1E-4E55-A088-91327E3C360C", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-005:*:*:*:*:*:*", "matchCriteriaId": "E222445A-D398-47C8-9639-4BAE36B69AA1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-006:*:*:*:*:*:*", "matchCriteriaId": "9425DAC8-038D-4B09-A074-3780AED912FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-007:*:*:*:*:*:*", "matchCriteriaId": "8EA63C1C-1EEC-4961-A7B7-439D21293B99", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-001:*:*:*:*:*:*", "matchCriteriaId": "B2F5D631-2306-4526-BEE5-22456D95ABAB", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-002:*:*:*:*:*:*", "matchCriteriaId": "F79B7361-F2F2-4FA6-A27D-CC8F2D37A726", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*", "matchCriteriaId": "693E7DAE-BBF0-4D48-9F8A-20DDBD4AAC0C", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*", "matchCriteriaId": "CFE26ECC-A2C2-4501-9950-510DE0E1BD86", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*", "matchCriteriaId": "26108BEF-0847-4AB0-BD98-35344DFA7835", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*", "matchCriteriaId": "A369D48B-6A0A-47AE-9513-D5E2E6F30931", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*", "matchCriteriaId": "510F8317-94DA-498E-927A-83D5F41AF54A", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*", "matchCriteriaId": "0D5D1970-6D2A-42CA-A203-42023D71730D", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*", "matchCriteriaId": "C68AE52B-5139-40A4-AE9A-E752DBF07D1B", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*", "matchCriteriaId": "0FD3467D-7679-479F-9C0B-A93F7CD0929D", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*", "matchCriteriaId": "D4C6098E-EDBD-4A85-8282-B2E9D9333872", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "87753A67-6F9D-4264-BCEB-0694281F0477", "versionEndExcluding": "13.4.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "85301873-69B8-4A21-9EFD-F69A5E1ABF40", "versionEndExcluding": "6.2.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid()."}, {"lang": "es", "value": "En Zsh versiones anteriores a 5.8, los atacantes capaces de ejecutar comandos pueden recuperar privilegios eliminados mediante la opci\u00f3n --no-PRIVILEGED. Zsh presenta un fallo al sobrescribir el uid guardado, ya que los privilegios originales pueden ser restaurados mediante una ejecuci\u00f3n de zmodload de MODULE_PATH=/dir/with/module con un m\u00f3dulo que llama a la funci\u00f3n setuid()."}], "id": "CVE-2019-20044", "lastModified": "2023-11-07T03:08:38.823", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-24T14:15:11.667", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/May/49"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/May/53"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/May/55"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/May/59"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "http://zsh.sourceforge.net/releases.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://github.com/XMB5/zsh-privileged-upgrade"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00004.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP64FFIZI2CKQOEAOI5A72PVQULE7ZZC/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PN5V7MPHRRP7QNHOEK56S7QGRU53WUN6/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202003-55"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/HT211168"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/HT211170"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/HT211171"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/HT211175"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT211168"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT211170"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT211171"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT211175"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.zsh.org/mla/zsh-announce/141"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-273"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:0892", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "zsh-0:4.3.11-11.el6_10", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2020-03-18T00:00:00Z"}, {"advisory": "RHSA-2020:0853", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "zsh-0:5.0.2-34.el7_7.2", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-03-17T00:00:00Z"}, {"advisory": "RHSA-2020:0903", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "zsh-0:5.5.1-6.el8_1.2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-03-19T00:00:00Z"}, {"advisory": "RHSA-2020:0903", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "zsh-0:5.5.1-6.el8_1.2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-03-19T00:00:00Z"}, {"advisory": "RHSA-2020:0978", "cpe": "cpe:/a:redhat:rhel_e4s:8.0", "package": "zsh-0:5.5.1-6.el8_0.2", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-03-26T00:00:00Z"}], "bugzilla": {"description": "zsh: insecure dropping of privileges when unsetting PRIVILEGED option", "id": "1804859", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1804859"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-271", "details": ["In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().", "A flaw was found in zsh. When unsetting the PRIVILEGED option, the shell sets its effective user and group IDs to match their respective real IDs. When the RUID and EUID were both non-zero, it is possible to regain the shell's former privileges. Also, the setopt built-in did not correctly report errors when unsetting the option, which prevented users from handling them as the documentation recommended. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."], "name": "CVE-2019-20044", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "zsh", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2020-02-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-20044\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-20044\nhttp://zsh.sourceforge.net/releases.html"], "threat_severity": "Important", "upstream_fix": "zsh 5.8"}