Informazioni sul CVE-2019-20044

N/A

CWE ID: N/A

Base Score (CVSS): N/A

CVE: CVE-2019-20044

Descrizione: In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the –no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().

Vettore di attacco

Punteggio CVSS

Il CVSS è un sistema di valutazione che misura la gravità di una vulnerabilità informatica considerando fattori come l’impatto potenziale, la probabilità di attacco e la facilità di esecuzione.

Punteggio Base (calcolato da AziendaSicura): 0.0 (None)

Riassunto: .

Dettaglio del Vettore

Metrica	Valore	Significato	Descrizione

Riferimenti esterni

http://zsh.sourceforge.net/releases.html
https://github.com/XMB5/zsh-privileged-upgrade
https://www.zsh.org/mla/zsh-announce/141
https://lists.debian.org/debian-lts-announce/2020/03/msg00004.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP64FFIZI2CKQOEAOI5A72PVQULE7ZZC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PN5V7MPHRRP7QNHOEK56S7QGRU53WUN6/
https://security.gentoo.org/glsa/202003-55
https://support.apple.com/kb/HT211170
https://support.apple.com/kb/HT211175
https://support.apple.com/kb/HT211171
https://support.apple.com/kb/HT211168
http://seclists.org/fulldisclosure/2020/May/49
http://seclists.org/fulldisclosure/2020/May/55
http://seclists.org/fulldisclosure/2020/May/53
http://seclists.org/fulldisclosure/2020/May/59
https://support.apple.com/HT211168
https://support.apple.com/HT211170
https://support.apple.com/HT211171
https://support.apple.com/HT211175
https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html

Prodotti interessati

n/a – n/a

Relazioni con altri prodotti

Nessun prodotto trovato per il CVE: cve-2019-20044