In Zsh prior to 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().

| Vulnerable Product |
|---|
| zsh zsh |
| fedoraproject fedora 30 |
| fedoraproject fedora 31 |
| debian debian linux 8.0 |
| debian debian linux 9.0 |
| apple mac os x |
| apple iphone os |
| apple watchos |
| apple tvos |
| apple ipados |
| apple mac os x 10.14.6 |
| apple mac os x 10.13.6 |
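
The description above turns on the saved uid surviving a privilege drop. As an added example (not zsh's code and not its fix), this C program drops to the real uid/gid by setting the real, effective and saved IDs together, then verifies that nothing can be restored; Linux/glibc is assumed and the function names are hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* glibc declares these only under _GNU_SOURCE; prototypes are given here so
 * the file builds with default flags (assumption: Linux/glibc). */
int setresuid(uid_t ruid, uid_t euid, uid_t suid);
int setresgid(gid_t rgid, gid_t egid, gid_t sgid);
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);
int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid);

/* Returns 1 only when real, effective AND saved IDs all equal `want` (also
 * used for gids). real=1000 effective=1000 saved=0 is the leftover state. */
int ids_fully_dropped(uid_t r, uid_t e, uid_t s, uid_t want)
{
    return r == want && e == want && s == want;
}

/* Hypothetical helper: drop to the real uid/gid. Returns 0 on success, -1 if
 * any privileged ID remains. Supplementary groups are not touched here. */
int drop_privileges_permanently(void)
{
    uid_t ruid = getuid(), old_euid = geteuid(), r, e, s;
    gid_t rgid = getgid(), old_egid = getegid(), gr, ge, gs;

    /* Group IDs first: after the uid drop we may no longer change them. */
    if (setresgid(rgid, rgid, rgid) != 0) return -1;
    if (setresuid(ruid, ruid, ruid) != 0) return -1;

    /* Read all three IDs back instead of trusting the return codes. */
    if (getresuid(&r, &e, &s) != 0 || !ids_fully_dropped(r, e, s, ruid)) return -1;
    if (getresgid(&gr, &ge, &gs) != 0 || !ids_fully_dropped(gr, ge, gs, rgid)) return -1;

    /* Switching back to the old effective IDs must now be refused. */
    if (old_euid != ruid && seteuid(old_euid) == 0) return -1;
    if (old_egid != rgid && setegid(old_egid) == 0) return -1;
    return 0;
}

int main(void)
{
    if (drop_privileges_permanently() != 0) { fprintf(stderr, "drop failed\n"); return 1; }
    puts("real, effective and saved IDs all dropped");
    return 0;
}
```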