Lucene search
Redhat.comRH:CVE-2014-10070HistoryMar 02, 2018 - 6:49 a.m.
CVE-2014-10070
2018-03-0206:49:25
redhat.com
access.redhat.com
10
0.0004 Low
EPSS
Percentile
5.1%
zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation contexts when the environment has not been properly sanitized, such as when zsh is invoked by sudo on systems where “env_reset” has been disabled.
Mitigation
Don't allow environment variables 'OPTIND' and 'TRY_BLOCK_ERROR' to be inherited by shells called through zsh.
Mitigated by default on Red Hat Enterprise Linux versions 5, 6 and 7, since this is the default configuration on those versions.
Related
debiancve
debiancve
CVE-2014-10070
2018-02-27 22:29:00
cve
cve
CVE-2014-10070
2018-02-27 22:29:00
nvd
nvd
CVE-2014-10070
2018-02-27 22:29:00
prion
prion
Input validation
2018-02-27 22:29:00
cvelist
cvelist
CVE-2014-10070
2018-02-27 22:00:00
nessus
nessus
RHEL 7 : zsh (Unpatched Vulnerability)
2024-06-03 00:00:00
Debian DLA-1304-1 : zsh security update
2018-03-12 00:00:00
EulerOS 2.0 SP1 : zsh (EulerOS-SA-2018-1090)
2018-05-02 00:00:00
ubuntucve
ubuntucve
CVE-2014-10070
2018-02-27 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-2005
2021-07-02 18:22:15
debian
debian
[SECURITY] [DLA 1304-1] zsh security update
2018-03-09 17:01:41
openvas
openvas
Huawei EulerOS: Security Advisory for zsh (EulerOS-SA-2018-1090)
2020-01-23 00:00:00
Debian: Security Advisory (DLA-1304-1)
2018-03-26 00:00:00
Huawei EulerOS: Security Advisory for zsh (EulerOS-SA-2018-1091)
2020-01-23 00:00:00
osv
osv
zsh - security update
2018-03-09 00:00:00
ubuntu
ubuntu
Zsh vulnerabilities
2018-03-08 00:00:00
suse
suse
Security update for zsh (important)
2018-04-25 18:07:15
Security update for zsh (important)
2018-04-27 00:07:15