Vulnerability CVE-2018-13259

Vulnerability Name:

CVE-2018-13259 (CCN-149634)

Assigned:

2018-09-04

Published:

2018-09-04

Updated:

2020-12-01

Summary:

An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one.

CVSS v3 Severity:

9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

5.3 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
4.6 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-20

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2018-13259

Source: REDHAT
Type: UNKNOWN
RHSA-2019:2017

Source: MISC
Type: Mailing List, Patch, Third Party Advisory
https://bugs.debian.org/908000

Source: CCN
Type: Debian Bug report logs - #908000
zsh: CVE-2018-0502 + CVE-2018-13259: Two security bugs in shebang line parsing

Source: XF
Type: UNKNOWN
zsh-cve201813259-weak-security(149634)

Source: MLIST
Type: UNKNOWN
[debian-lts-announce] 20201201 [SECURITY] [DLA 2470-1] zsh security update

Source: GENTOO
Type: Third Party Advisory
GLSA-201903-02

Source: MISC
Type: Patch, Third Party Advisory
https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d

Source: UBUNTU
Type: Third Party Advisory
USN-3764-1

Source: CCN
Type: Zsh Web site
Welcome to Zsh

Source: MISC
Type: Mailing List, Release Notes, Vendor Advisory
https://www.zsh.org/mla/zsh-announce/136

Vulnerable Configuration:

Configuration 1:

cpe:/o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

OR cpe:/o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

OR cpe:/o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

Configuration 2:

cpe:/a:zsh:zsh:*:*:*:*:*:*:*:* (Version < 5.6)

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration CCN 1:

cpe:/a:zsh:zsh:5.5:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:201813259	V	CVE-2018-13259	2023-06-22
oval:org.opensuse.security:def:7844	P	zsh-5.6-7.5.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:599	P	Security update for git (Important)	2022-07-26
oval:org.opensuse.security:def:3238	P	libprocps3-3.3.9-11.18.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94868	P	zsh-5.6-7.5.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:928	P	Security update for python3 (Important) (in QA)	2022-06-16
oval:org.opensuse.security:def:347	P	zsh-5.6-5.17 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:125706	P	Security update for zsh (Important)	2022-01-24
oval:org.opensuse.security:def:126872	P	Security update for zsh (Important)	2022-01-24
oval:org.opensuse.security:def:6031	P	Security update for zsh (Important)	2022-01-24
oval:org.opensuse.security:def:127269	P	Security update for zsh (Important)	2022-01-24
oval:org.opensuse.security:def:113629	P	zsh-5.8-7.7 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:70020	P	Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container (Important) (in QA)	2022-01-03
oval:org.opensuse.security:def:100697	P	(Moderate)	2021-12-16
oval:org.opensuse.security:def:1225	P	Security update for java-1_8_0-openjdk (Important)	2021-11-23
oval:org.opensuse.security:def:1276	P	Security update for the Linux Kernel (Important)	2021-11-11
oval:org.opensuse.security:def:93984	P	(Moderate)	2021-11-09
oval:org.opensuse.security:def:107010	P	zsh-5.8-7.7 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:89843	P	zsh-5.6-5.17 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:61688	P	zsh-5.6-5.17 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:71429	P	zsh-5.6-5.17 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:71199	P	graphite2-devel-1.3.11-2.12 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:103498	P	zsh-5.6-5.17 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:96808	P	zsh-5.6-5.17 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:69915	P	Security update for krb5 (Important)	2021-08-20
oval:org.opensuse.security:def:47673	P	libXdmcp6-1.1.1-12.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47757	P	libopus0-1.1-3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48035	P	gtk2-data-2.24.31-9.6.28 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48071	P	libX11-6-1.6.2-12.5.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47121	P	pcsc-ccid-1.4.14-1.42 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48181	P	libpython3_4m1_0-3.4.6-25.29.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48295	P	rpm-32bit-4.11.2-16.21.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47256	P	freeradius-server-3.0.14-1.8 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48277	P	procmail-3.22-269.3.5 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47581	P	crash-7.2.1-2.19 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47743	P	libmpfr4-3.1.2-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47821	P	libzypp-16.19.0-2.36.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47878	P	rrdtool-1.4.7-20.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47120	P	patch-2.7.5-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48119	P	libgraphite2-3-1.3.1-10.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48203	P	libtag1-1.9.1-1.218 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47135	P	python-cupshelpers-1.5.7-7.5 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48246	P	ntp-4.2.8p13-85.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47449	P	ntp-4.2.8p10-63.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47742	P	libmodplug1-0.8.9.0+git20170610.f6dd59a-15.4.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48348	P	xorg-x11-libs-7.6-45.14 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:72106	P	zsh-5.6-5.17 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101123	P	zsh-5.6-5.17 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62365	P	zsh-5.6-5.17 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:48868	P	libqt4-sql-mysql-32bit-4.8.6-7.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48970	P	typelib-1_0-Gtk-2_0-2.24.31-7.11 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48657	P	yast2-3.1.206-36.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:71086	P	python2-pycrypto-2.6.1-1.28 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48803	P	libssh4-0.6.3-11.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48899	P	empathy-3.12.13-8.3.28 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48443	P	hardlink-1.0-6.38 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48741	P	libproxy1-networkmanager-32bit-0.4.11-11.6 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:67746	P	Security update for the Linux Kernel (Live Patch 18 for SLE 15) (Important)	2021-04-07
oval:org.opensuse.security:def:64499	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:49040	P	libvdpau1-32bit-1.1.1-6.73 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:1863	P	glibc-devel-32bit-2.26-8.21 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:48986	P	gcc48-gij-32bit-4.8.5-31.20.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62017	P	zsh-5.6-5.17 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:116921	P	zsh-5.6-5.17 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:71758	P	zsh-5.6-5.17 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107363	P	zsh-5.6-5.17 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:50246	P	libreoffice on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66664	P	zsh on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49369	P	zsh on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64412	P	libzmq5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:67846	P	zsh on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50300	P	Security update for zsh (Important)	2020-12-01
oval:org.opensuse.security:def:66572	P	mozilla-nspr-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73237	P	libunwind on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73355	P	zsh on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49315	P	python3-pip on GA media (Moderate)	2020-12-01
oval:com.redhat.rhsa:def:20192017	P	RHSA-2019:2017: zsh security and bug fix update (Moderate)	2019-08-06
oval:com.ubuntu.bionic:def:201813259000	V	CVE-2018-13259 on Ubuntu 18.04 LTS (bionic) - medium.	2018-09-05
oval:com.ubuntu.bionic:def:2018132590000000	V	CVE-2018-13259 on Ubuntu 18.04 LTS (bionic) - medium.	2018-09-05
oval:com.ubuntu.trusty:def:201813259000	V	CVE-2018-13259 on Ubuntu 14.04 LTS (trusty) - medium.	2018-09-05
oval:com.ubuntu.xenial:def:2018132590000000	V	CVE-2018-13259 on Ubuntu 16.04 LTS (xenial) - medium.	2018-09-05
oval:com.ubuntu.xenial:def:201813259000	V	CVE-2018-13259 on Ubuntu 16.04 LTS (xenial) - medium.	2018-09-05

BACK