CVSS2: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.007 Low
Percentile: 80.7%
Issue Overview:
A buffer overflow flaw was found in the zsh shell symbolic link resolver. A local, unprivileged user can create a specially crafted directory path which leads to a buffer overflow in the context of the user trying to do a symbolic link resolution in the aforementioned path. If the user affected is privileged, this leads to privilege escalation. (CVE-2017-18206)
A buffer overflow flaw was found in the zsh shell auto-complete functionality. A local, unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use auto-complete to traverse the aforementioned path. If the user affected is privileged, this leads to privilege escalation. (CVE-2018-1083)
A NULL pointer dereference flaw was found in the code responsible for saving hashtables of the zsh package. An attacker could use this flaw to cause a denial of service by crashing the user shell. (CVE-2018-7549)
A NULL pointer dereference flaw was found in the code responsible for the cd builtin command of the zsh package. An attacker could use this flaw to cause a denial of service by crashing the user shell. (CVE-2017-18205)
A buffer overflow flaw was found in the zsh shell symbolic link resolver. A local, unprivileged user can create a specially crafted directory path which leads to a buffer overflow in the context of the user trying to do symbolic link resolution in the aforementioned path. An attacker could exploit this vulnerability to cause a denial of service condition on the target. (CVE-2014-10072)
A buffer overflow flaw was found in the zsh shell check path functionality. A local, unprivileged user can create a specially crafted message file, which, if used to set a custom “you have new mail” message, leads to code execution in the context of the user who receives the message. If the user affected is privileged, this leads to privilege escalation. (CVE-2018-1100)
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service. (CVE-2018-1071)
A buffer overflow flaw was found in the zsh shell file descriptor redirection functionality. An attacker could use this flaw to cause a denial of service by crashing the user shell. (CVE-2014-10071)
Affected Packages:
zsh
Issue Correction:
Run yum update zsh to update your system.
New Packages:
i686:
zsh-5.0.2-31.17.amzn1.i686
zsh-html-5.0.2-31.17.amzn1.i686
zsh-debuginfo-5.0.2-31.17.amzn1.i686
src:
zsh-5.0.2-31.17.amzn1.src
x86_64:
zsh-5.0.2-31.17.amzn1.x86_64
zsh-debuginfo-5.0.2-31.17.amzn1.x86_64
zsh-html-5.0.2-31.17.amzn1.x86_64
Red Hat: CVE-2014-10071, CVE-2014-10072, CVE-2017-18205, CVE-2017-18206, CVE-2018-1071, CVE-2018-1083, CVE-2018-1100, CVE-2018-7549
Mitre: CVE-2014-10071, CVE-2014-10072, CVE-2017-18205, CVE-2017-18206, CVE-2018-1071, CVE-2018-1083, CVE-2018-1100, CVE-2018-7549
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | zsh | < 5.0.2-31.17.amzn1 | zsh-5.0.2-31.17.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | zsh-html | < 5.0.2-31.17.amzn1 | zsh-html-5.0.2-31.17.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | zsh-debuginfo | < 5.0.2-31.17.amzn1 | zsh-debuginfo-5.0.2-31.17.amzn1.i686.rpm |
Amazon Linux | 1 | x86_64 | zsh | < 5.0.2-31.17.amzn1 | zsh-5.0.2-31.17.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | zsh-debuginfo | < 5.0.2-31.17.amzn1 | zsh-debuginfo-5.0.2-31.17.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | zsh-html | < 5.0.2-31.17.amzn1 | zsh-html-5.0.2-31.17.amzn1.x86_64.rpm |
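
To confirm a host already carries the fixed build, the following added example (not part of the original advisory) compares an installed zsh version-release string against 5.0.2-31.17.amzn1 using rpm's segment-wise ordering. The function names and the host inventory are constructed for illustration, and rpm's `~` and `^` modifiers are not handled.

```python
import re

# Fixed version-release from the advisory's "New Packages" list.
FIXED_EVR = "5.0.2-31.17.amzn1"

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Compare two version or release strings the way rpm orders them.

    Simplified: '~' and '^' modifiers are not handled (the advisory's
    versions do not use them).
    """
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment is newer than alpha
        if x.isdigit():
            x, y = int(x), int(y)  # numeric compare, so 17 > 4
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def split_evr(evr):
    """Split '[epoch:]version-release' into (epoch, version, release)."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return int(epoch or 0), version, release


def is_patched(installed_evr, fixed_evr=FIXED_EVR):
    """True if installed_evr is at or above the advisory's fixed build."""
    ie, iv, ir = split_evr(installed_evr)
    fe, fv, fr = split_evr(fixed_evr)
    order = (ie > fe) - (ie < fe) or rpmvercmp(iv, fv) or rpmvercmp(ir, fr)
    return order >= 0


if __name__ == "__main__":
    # Constructed inventory, e.g. collected with:
    #   rpm -q --qf '%{VERSION}-%{RELEASE}\n' zsh
    inventory = {
        "host-a": "5.0.2-31.17.amzn1",
        "host-b": "5.0.2-31.4.amzn1",   # plain string compare would call this newer
        "host-c": "5.0.2-28.15.amzn1",
    }
    for host, evr in inventory.items():
        print(host, evr, "patched" if is_patched(evr) else "VULNERABLE: run yum update zsh")
```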