Vulnerability CVE-2017-18206

Vulnerability Name:

CVE-2017-18206 (CCN-139762)

Assigned:

2017-05-09

Published:

2017-05-09

Updated:

2020-12-01

Summary:

In utils.c in zsh before 5.4, symlink expansion had a buffer overflow.

CVSS v3 Severity:

9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
6.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

7.5 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H)
6.5 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-119
CWE-120
CWE-121
CWE-121

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2017-18206

Source: REDHAT
Type: Third Party Advisory
RHSA-2018:1932

Source: REDHAT
Type: Third Party Advisory
RHSA-2018:3073

Source: XF
Type: UNKNOWN
zsh-cve201718206-bo(139762)

Source: MLIST
Type: UNKNOWN
[debian-lts-announce] 20201201 [SECURITY] [DLA 2470-1] zsh security update

Source: GENTOO
Type: Third Party Advisory
GLSA-201805-10

Source: CCN
Type: zsh Web page
40181: Fix buffer overrun in xsymlinks

Source: MISC
Type: Patch, Third Party Advisory
https://sourceforge.net/p/zsh/code/ci/c7a9cf465dd620ef48d586026944d9bd7a0d5d6d

Source: UBUNTU
Type: Third Party Advisory
USN-3593-1

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2017-18206

Vulnerable Configuration:

Configuration 1:

cpe:/a:zsh:zsh:*:*:*:*:*:*:*:* (Version < 5.4)

Configuration 2:

cpe:/o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

OR cpe:/o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 9:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 10:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration CCN 1:

cpe:/a:zsh:zsh:5.3:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:201718206	V	CVE-2017-18206	2022-08-07
oval:org.opensuse.security:def:55318	P	Security update for net-snmp (Important)	2022-01-05
oval:org.opensuse.security:def:55280	P	Security update for mozilla-nss (Important)	2021-12-06
oval:org.opensuse.security:def:60395	P	Security update for python36 (Moderate)	2021-10-20
oval:org.opensuse.security:def:61395	P	alsa-1.1.5-6.6.1 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:59796	P	Security update for mariadb (Moderate)	2021-09-09
oval:org.opensuse.security:def:59774	P	Security update for webkit2gtk3 (Important)	2021-08-03
oval:org.opensuse.security:def:59773	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:55206	P	Security update for java-1_8_0-openjdk (Moderate)	2021-06-15
oval:org.opensuse.security:def:12434	P	e2fsprogs-1.43.8-1.19 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12510	P	libXRes1-1.0.7-3.54 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:61228	P	libdmx-devel-1.1.3-1.23 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12691	P	perl-XML-LibXML-2.0019-6.3.5 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12755	P	xinetd-2.3.15-8.8.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:61130	P	bind-devel-9.11.2-10.4 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12442	P	facter-2.4.6-12.3.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12591	P	libopenssl-1_0_0-devel-1.0.2p-2.11 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:13393	P	libraptor2-0-2.0.10-3.63 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12733	P	tar-1.27.1-15.3.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12557	P	libid3tag0-0.15.1b-184.3.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:61314	P	mailx-12.5-1.87 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12464	P	gnome-shell-search-provider-nautilus-3.20.3-23.6.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12666	P	mariadb-10.2.18-1.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:13415	P	mipv6d-2.0.2.umip.0.4-19.63 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12742	P	unzip-6.00-33.8.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12572	P	libltdl7-2.4.2-17.4.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:61352	P	radvd-2.17-3.18 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:22128	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:44614	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:22509	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:23324	P	Security update for zsh (Important)	2020-12-01
oval:org.opensuse.security:def:60516	P	procmail on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:44806	P	Security update for glib2 (Important)	2020-12-01
oval:org.opensuse.security:def:54449	P	dbus-1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:22627	P	Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:43779	P	Security update for openssh (Moderate)	2020-12-01
oval:org.opensuse.security:def:44355	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:45444	P	Security update for augeas (Low)	2020-12-01
oval:org.opensuse.security:def:22331	P	Security update for python3 (Important)	2020-12-01
oval:org.opensuse.security:def:60210	P	Security update for permissions (Moderate)	2020-12-01
oval:org.opensuse.security:def:44720	P	Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:54038	P	libmikmod3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55006	P	rsyslog on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56749	P	Security update for zsh (Important)	2020-12-01
oval:org.opensuse.security:def:22073	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:44163	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:22227	P	Security update for dbus-1 (Important)	2020-12-01
oval:org.opensuse.security:def:22548	P	Security update for systemd (Important)	2020-12-01
oval:org.opensuse.security:def:53876	P	Security update for transfig (Moderate)	2020-12-01
oval:org.opensuse.security:def:60709	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:54555	P	libid3tag0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:22657	P	Security update for evince (Important)	2020-12-01
oval:org.opensuse.security:def:43883	P	Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:22081	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:44544	P	Security update for xrdp (Important)	2020-12-01
oval:org.opensuse.security:def:45492	P	Security update for zsh (Important)	2020-12-01
oval:org.opensuse.security:def:53875	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:22384	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:23295	P	Security update for clamav (Important)	2020-12-01
oval:org.opensuse.security:def:44749	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:54276	P	libjpeg-turbo on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:22615	P	Security update for python (Important)	2020-12-01
oval:org.opensuse.security:def:55114	P	gdk-pixbuf-lang on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:43768	P	Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:44238	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:55399	P	tftp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:22291	P	Security update for clamav (Moderate)	2020-12-01
oval:org.opensuse.security:def:59956	P	Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:44669	P	Security update for clamav (Moderate)	2020-12-01
oval:org.opensuse.security:def:53898	P	Security update for openconnect (Moderate)	2020-12-01
oval:org.opensuse.security:def:61010	P	Security update for dpdk (Moderate)	2020-12-01
oval:org.opensuse.security:def:43767	P	Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:54721	P	accountsservice on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56675	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:44048	P	Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP2) (Important)	2020-12-01
oval:com.redhat.rhsa:def:20183073	P	RHSA-2018:3073: zsh security and bug fix update (Moderate)	2018-10-30
oval:com.redhat.rhsa:def:20181932	P	RHSA-2018:1932: zsh security update (Moderate)	2018-06-19
oval:org.opensuse.security:def:85120	P	Security update for zsh (Important)	2018-04-25
oval:org.opensuse.security:def:79383	P	Security update for zsh (Important)	2018-04-25
oval:com.ubuntu.xenial:def:201718206000	V	CVE-2017-18206 on Ubuntu 16.04 LTS (xenial) - medium.	2018-02-27
oval:com.ubuntu.artful:def:201718206000	V	CVE-2017-18206 on Ubuntu 17.10 (artful) - medium.	2018-02-27
oval:com.ubuntu.xenial:def:2017182060000000	V	CVE-2017-18206 on Ubuntu 16.04 LTS (xenial) - medium.	2018-02-27
oval:com.ubuntu.trusty:def:201718206000	V	CVE-2017-18206 on Ubuntu 14.04 LTS (trusty) - medium.	2018-02-27

BACK