Vulnerability Name:

CVE-2019-20044 (CCN-176955)

Assigned:2019-12-27
Published:2019-12-27
Updated:2023-01-09
Summary:In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().
CVSS v3 Severity:7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
7.8 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-271
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2019-20044

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: CCN
Type: Zsh Web site
Zsh Release Notes

Source: cve@mitre.org
Type: Release Notes, Third Party Advisory
cve@mitre.org

Source: XF
Type: UNKNOWN
zsh-cve201920044-priv-esc(176955)

Source: cve@mitre.org
Type: Broken Link
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: CCN
Type: Apple security document HT211168
About the security content of iOS 13.5 and iPadOS 13.5

Source: CCN
Type: Apple security document HT211170
About the security content of macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra

Source: CCN
Type: Apple security document HT211171
About the security content of tvOS 13.4.5

Source: CCN
Type: Apple security document HT211175
About the security content of watchOS 6.2.5

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2019-20044

Source: cve@mitre.org
Type: Release Notes, Vendor Advisory
cve@mitre.org

Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*
    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*
    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*
    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*
    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*
    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*
    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*
    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*
    • Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*
    • Configuration RedHat 10:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*
    • Configuration RedHat 11:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*
    • Configuration RedHat 12:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*
    • Configuration RedHat 13:
  • cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*
    • Configuration RedHat 14:
  • cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:zsh:zsh:5.7:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:7844
    P
    		zsh-5.6-7.5.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:3238
    P
    		libprocps3-3.3.9-11.18.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:94868
    P
    		zsh-5.6-7.5.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94058
    P
    		 (Important)
    2022-03-04
    oval:org.opensuse.security:def:961
    P
    		Security update for zsh (Important)
    2022-03-04
    oval:org.opensuse.security:def:99219
    P
    		 (Important)
    2022-03-04
    oval:org.opensuse.security:def:125811
    P
    		Security update for zsh (Important)
    2022-03-04
    oval:org.opensuse.security:def:6182
    P
    		Security update for zsh (Important)
    2022-03-04
    oval:org.opensuse.security:def:93484
    P
    		 (Important)
    2022-03-04
    oval:org.opensuse.security:def:100426
    P
    		 (Important)
    2022-03-04
    oval:org.opensuse.security:def:119329
    P
    		Security update for zsh (Important)
    2022-03-04
    oval:org.opensuse.security:def:94272
    P
    		 (Important)
    2022-03-04
    oval:org.opensuse.security:def:99493
    P
    		 (Important)
    2022-03-04
    oval:org.opensuse.security:def:126974
    P
    		Security update for zsh (Important)
    2022-03-04
    oval:org.opensuse.security:def:118834
    P
    		Security update for zsh (Important)
    2022-03-04
    oval:org.opensuse.security:def:93635
    P
    		 (Important)
    2022-03-04
    oval:org.opensuse.security:def:100760
    P
    		 (Important)
    2022-03-04
    oval:org.opensuse.security:def:119512
    P
    		Security update for zsh (Important)
    2022-03-04
    oval:org.opensuse.security:def:94479
    P
    		 (Important)
    2022-03-04
    oval:org.opensuse.security:def:93166
    P
    		 (Important)
    2022-03-04
    oval:org.opensuse.security:def:99755
    P
    		 (Important)
    2022-03-04
    oval:org.opensuse.security:def:127372
    P
    		Security update for zsh (Important)
    2022-03-04
    oval:org.opensuse.security:def:119024
    P
    		Security update for zsh (Important)
    2022-03-04
    oval:org.opensuse.security:def:93846
    P
    		 (Important)
    2022-03-04
    oval:org.opensuse.security:def:101653
    P
    		Security update for zsh (Important)
    2022-03-04
    oval:org.opensuse.security:def:119697
    P
    		Security update for zsh (Important)
    2022-03-04
    oval:org.opensuse.security:def:93324
    P
    		 (Important)
    2022-03-04
    oval:org.opensuse.security:def:100088
    P
    		 (Important)
    2022-03-04
    oval:org.opensuse.security:def:119135
    P
    		Security update for zsh (Important)
    2022-03-04
    oval:org.opensuse.security:def:113629
    P
    		zsh-5.8-7.7 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:107010
    P
    		zsh-5.8-7.7 on GA media (Moderate)
    2021-10-01
    oval:com.redhat.rhsa:def:20200903
    P
    		RHSA-2020:0903: zsh security update (Important)
    2020-03-19
    oval:com.redhat.rhsa:def:20200892
    P
    		RHSA-2020:0892: zsh security update (Important)
    2020-03-18
    oval:com.redhat.rhsa:def:20200853
    P
    		RHSA-2020:0853: zsh security update (Important)
    2020-03-17
    oval:com.ubuntu.bionic:def:2019200440000000
    V
    		CVE-2019-20044 on Ubuntu 18.04 LTS (bionic) - low.
    2020-02-24
    oval:com.ubuntu.xenial:def:2019200440000000
    V
    		CVE-2019-20044 on Ubuntu 16.04 LTS (xenial) - low.
    2020-02-24
    BACK
    zsh zsh 5.7