Launchpad CVE tracker

CVE 2019-20044

In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().

See the

CVE page on Mitre.org for more details.

References

MISC: http://zsh.sourceforge...
MISC: https://github.com/XMB...
MISC: https://www.zsh.org/ml...
MLIST: [debian-lts-announce] ...
FEDORA: FEDORA-2020-3f38f3e517
FEDORA: FEDORA-2020-9009363f0f
GENTOO: GLSA-202003-55
CONFIRM: https://support.apple....
CONFIRM: https://support.apple....
CONFIRM: https://support.apple....
CONFIRM: https://support.apple....
FULLDISC: 20200529 APPLE-SA-2020...
FULLDISC: 20200529 APPLE-SA-2020...
FULLDISC: 20200529 APPLE-SA-2020...
FULLDISC: 20200529 APPLE-SA-2020...
CONFIRM: https://support.apple....
CONFIRM: https://support.apple....
CONFIRM: https://support.apple....
CONFIRM: https://support.apple....
MLIST: [debian-lts-announce] ...

Launchpad.net

CVE 2019-20044

Related bugs

References