CVE-2019-20044

In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
VendorProductVersion
zshzsh
𝑥
< 5.8
debiandebian_linux
8.0
debiandebian_linux
9.0
appleipados
𝑥
< 13.5
appleiphone_os
𝑥
< 13.5
applemac_os_x
𝑥
< 10.15.5
applemac_os_x
10.13.0 ≤
𝑥
< 10.13.6
applemac_os_x
10.14.0 ≤
𝑥
< 10.14.6
applemac_os_x
10.15 ≤
𝑥
< 10.15.5
applemac_os_x
10.13.6
applemac_os_x
10.13.6:security_update_2018-002
applemac_os_x
10.13.6:security_update_2018-003
applemac_os_x
10.13.6:security_update_2019-001
applemac_os_x
10.13.6:security_update_2019-002
applemac_os_x
10.13.6:security_update_2019-003
applemac_os_x
10.13.6:security_update_2019-004
applemac_os_x
10.13.6:security_update_2019-005
applemac_os_x
10.13.6:security_update_2019-006
applemac_os_x
10.13.6:security_update_2019-007
applemac_os_x
10.13.6:security_update_2020-001
applemac_os_x
10.13.6:security_update_2020-002
applemac_os_x
10.14.6
applemac_os_x
10.14.6:security_update_2019-001
applemac_os_x
10.14.6:security_update_2019-002
applemac_os_x
10.14.6:security_update_2019-004
applemac_os_x
10.14.6:security_update_2019-005
applemac_os_x
10.14.6:security_update_2019-006
applemac_os_x
10.14.6:security_update_2019-007
applemac_os_x
10.14.6:security_update_2020-001
applemac_os_x
10.14.6:security_update_2020-002
appletvos
𝑥
< 13.4.5
applewatchos
𝑥
< 6.2.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
zsh
bullseye (security)
5.8-6+deb11u1
fixed
bullseye
5.8-6+deb11u1
fixed
buster
no-dsa
bookworm
5.9-4
fixed
sid
5.9-8
fixed
trixie
5.9-8
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
zsh
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
not-affected
jammy
needs-triage
impish
not-affected
hirsute
not-affected
groovy
not-affected
focal
not-affected
eoan
ignored
bionic
Fixed 5.4.2-3ubuntu3.2
released
xenial
Fixed 5.1.1-1ubuntu2.3+esm1
released
trusty
dne
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2020/May/49
http://seclists.org/fulldisclosure/2020/May/53
http://seclists.org/fulldisclosure/2020/May/55
http://seclists.org/fulldisclosure/2020/May/59
http://zsh.sourceforge.net/releases.html
https://github.com/XMB5/zsh-privileged-upgrade
https://lists.debian.org/debian-lts-announce/2020/03/msg00004.html
https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP64FFIZI2CKQOEAOI5A72PVQULE7ZZC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PN5V7MPHRRP7QNHOEK56S7QGRU53WUN6/
https://security.gentoo.org/glsa/202003-55
https://support.apple.com/HT211168
https://support.apple.com/HT211170
https://support.apple.com/HT211171
https://support.apple.com/HT211175
https://support.apple.com/kb/HT211168
https://support.apple.com/kb/HT211170
https://support.apple.com/kb/HT211171
https://support.apple.com/kb/HT211175
https://www.zsh.org/mla/zsh-announce/141
http://seclists.org/fulldisclosure/2020/May/49
http://seclists.org/fulldisclosure/2020/May/53
http://seclists.org/fulldisclosure/2020/May/55
http://seclists.org/fulldisclosure/2020/May/59
http://zsh.sourceforge.net/releases.html
https://github.com/XMB5/zsh-privileged-upgrade
https://lists.debian.org/debian-lts-announce/2020/03/msg00004.html
https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP64FFIZI2CKQOEAOI5A72PVQULE7ZZC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PN5V7MPHRRP7QNHOEK56S7QGRU53WUN6/
https://security.gentoo.org/glsa/202003-55
https://support.apple.com/HT211168
https://support.apple.com/HT211170
https://support.apple.com/HT211171
https://support.apple.com/HT211175
https://support.apple.com/kb/HT211168
https://support.apple.com/kb/HT211170
https://support.apple.com/kb/HT211171
https://support.apple.com/kb/HT211175
https://www.zsh.org/mla/zsh-announce/141