CVE-2019-20044

Published: 24/02/2020 Updated: 07/11/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 642
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

In Zsh prior to 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().

Vulnerable Product

zsh zsh

fedoraproject fedora 30

fedoraproject fedora 31

debian debian linux 8.0

debian debian linux 9.0

apple mac os x

apple iphone os

apple watchos

apple tvos

apple ipados

apple mac os x 10.14.6

apple mac os x 10.13.6

Vendor Advisories

Debian Bug report logs - #951458 zsh: CVE-2019-20044: insecure dropping of privileges when unsetting PRIVILEGED option. Package: zsh; Maintainer for zsh is Debian Zsh Maintainers <pkg-zsh-devel@lists.alioth.debian.org>; Source for zsh is src:zsh. Reported by: Axel Beckert <abe@debian.org> Date: Su ...
Several security issues were fixed in Zsh ...
Synopsis: Important: zsh security update. Type/Severity: Security Advisory: Important. Topic: An update for zsh is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which g ...
Synopsis: Important: zsh security update. Type/Severity: Security Advisory: Important. Topic: An update for zsh is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which g ...
Synopsis: Important: zsh security update. Type/Severity: Security Advisory: Important. Topic: An update for zsh is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori ...
Synopsis: Important: zsh security update. Type/Severity: Security Advisory: Important. Topic: An update for zsh is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which g ...
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid(). (CVE-2019-20044) ...

Mailing Lists

Full Disclosure mailing list archives: APPLE-SA-2020-05-26-3 macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra ...
Full Disclosure mailing list archives: APPLE-SA-2020-05-26-4 tvOS 13.4.5. From: Apple Product Security ...

Github Repositories

Tema-zsh: THE Z SHELL (ZSH). Version: This is version 5.9 of the shell. This is a security and feature release. There are several visible improvements since 5.8.1, as well as bug fixes. All zsh installations are encouraged to upgrade as soon as possible. Note in particular the changes highlighted under "Incompatibilities since 5.8.1" below. See NEWS for more informati
