CVE-2019-20044

CVSS V2 High 7.2 CVSS V3 High 7.8
Description
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().
Overview
  • CVE ID
  • CVE-2019-20044
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2020-02-24T14:15:11
  • Last Modified Date
  • 2023-01-09T16:41:59
Weakness Enumerations
CWE URL
CWE-273 http://cwe.mitre.org/data/definitions/273.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:a:zsh:zsh:*:*:*:*:*:*:*:* 1 OR 5.8
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:* 1 OR 13.5
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* 1 OR 13.5
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* 1 OR 10.15.5
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* 1 OR 10.13.0 10.13.6
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* 1 OR 10.14.0 10.14.6
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* 1 OR 10.15 10.15.5
cpe:2.3:o:apple:mac_os_x:10.13.6:-:*:*:*:*:*:* 1 OR
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-002:*:*:*:*:*:* 1 OR
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-003:*:*:*:*:*:* 1 OR
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:* 1 OR
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:* 1 OR
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:* 1 OR
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-004:*:*:*:*:*:* 1 OR
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-005:*:*:*:*:*:* 1 OR
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-006:*:*:*:*:*:* 1 OR
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-007:*:*:*:*:*:* 1 OR
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-001:*:*:*:*:*:* 1 OR
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-002:*:*:*:*:*:* 1 OR
cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:* 1 OR
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:* 1 OR
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:* 1 OR
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:* 1 OR
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:* 1 OR
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:* 1 OR
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:* 1 OR
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:* 1 OR
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:* 1 OR
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* 1 OR 13.4.5
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* 1 OR 6.2.5
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:L/AC:L/Au:N/C:C/I:C/A:C
  • Access Vector
  • LOCAL
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 7.2
  • Severity
  • HIGH
  • Exploitability Score
  • 3.9
  • Impact Score
  • 10
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector
  • LOCAL
  • Attack Compatibility
  • LOW
  • Privileges Required
  • LOW
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • HIGH
  • Base Score
  • 7.8
  • Base Severity
  • HIGH
  • Exploitability Score
  • 1.8
  • Impact Score
  • 5.9
References
Reference URL Reference Tags
http://zsh.sourceforge.net/releases.html Release Notes Third Party Advisory
https://github.com/XMB5/zsh-privileged-upgrade Broken Link
https://www.zsh.org/mla/zsh-announce/141 Release Notes Vendor Advisory
https://lists.debian.org/debian-lts-announce/2020/03/msg00004.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FP64FFIZI2CKQOEAOI5A72PVQULE7ZZC/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PN5V7MPHRRP7QNHOEK56S7QGRU53WUN6/ Mailing List Third Party Advisory
https://security.gentoo.org/glsa/202003-55 Third Party Advisory
https://support.apple.com/kb/HT211175 Third Party Advisory
https://support.apple.com/kb/HT211170 Third Party Advisory
https://support.apple.com/kb/HT211171 Third Party Advisory
https://support.apple.com/kb/HT211168 Third Party Advisory
http://seclists.org/fulldisclosure/2020/May/49 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2020/May/59 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2020/May/55 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2020/May/53 Mailing List Third Party Advisory
https://support.apple.com/HT211168 Third Party Advisory
https://support.apple.com/HT211170 Third Party Advisory
https://support.apple.com/HT211171 Third Party Advisory
https://support.apple.com/HT211175 Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html Mailing List Third Party Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2019-20044
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20044
History
Created Old Value New Value Data Type Notes
2022-05-10 16:05:05 Added to TrackCVE
2022-12-04 11:42:38 2020-02-24T14:15Z 2020-02-24T14:15:11 CVE Published Date updated
2022-12-04 11:42:38 2021-09-16T13:17:35 CVE Modified Date updated
2022-12-04 11:42:38 Analyzed Vulnerability Status updated
2023-01-09 18:13:53 2023-01-09T16:41:59 CVE Modified Date updated