var-202002-0332
Vulnerability from variot
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid(). Zsh Is vulnerable to improper checking of removed privileges.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. An attacker can exploit this vulnerability to restore the original permissions. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202003-55
https://security.gentoo.org/
Severity: Normal Title: Zsh: Privilege escalation Date: March 25, 2020 Bugs: #711136 ID: 202003-55
Synopsis
A vulnerability in Zsh might allow an attacker to escalate privileges.
Background
A shell designed for interactive use, although it is also a powerful scripting language.
Impact
An attacker could escalate privileges.
Workaround
There is no known workaround at this time.
Resolution
All Zsh users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-shells/zsh-5.8"
References
[ 1 ] CVE-2019-20044 https://nvd.nist.gov/vuln/detail/CVE-2019-20044
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202003-55
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-5325-1 March 14, 2022
zsh vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Zsh.
Software Description: - zsh: shell with lots of features
Details:
Sam Foxman discovered that Zsh incorrectly handled certain inputs. (CVE-2019-20044)
It was discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-45444)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: zsh 5.8-6ubuntu0.1 zsh-static 5.8-6ubuntu0.1
Ubuntu 20.04 LTS: zsh 5.8-3ubuntu1.1 zsh-static 5.8-3ubuntu1.1
Ubuntu 18.04 LTS: zsh 5.4.2-3ubuntu3.2 zsh-static 5.4.2-3ubuntu3.2
Ubuntu 16.04 ESM: zsh 5.1.1-1ubuntu2.3+esm1 zsh-static 5.1.1-1ubuntu2.3+esm1
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2020-05-26-3 macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra
macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra are now available and address the following:
Accounts Available for: macOS Catalina 10.15.4 Impact: A remote attacker may be able to cause a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt
AirDrop Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A remote attacker may be able to cause a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2020-9826: Dor Hadad of Palo Alto Networks
AppleMobileFileIntegrity Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.4 Impact: An application may be able to use arbitrary entitlements Description: This issue was addressed with improved checks. CVE-2020-9842: Linus Henze (pinauten.de)
AppleUSBNetworking Available for: macOS Catalina 10.15.4 Impact: Inserting a USB device that sends invalid messages may cause a kernel panic Description: A logic issue was addressed with improved restrictions. CVE-2020-9804: Andy Davis of NCC Group
Audio Available for: macOS Catalina 10.15.4 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative
Audio Available for: macOS Catalina 10.15.4 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative
Bluetooth Available for: macOS Catalina 10.15.4 Impact: A malicious application may be able to determine kernel memory layout Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9831: Yu Wang of Didi Research America
Calendar Available for: macOS Catalina 10.15.4 Impact: Importing a maliciously crafted calendar invitation may exfiltrate user information Description: This issue was addressed with improved checks. CVE-2020-3882: Andy Grant of NCC Group
CVMS Available for: macOS Catalina 10.15.4 Impact: An application may be able to gain elevated privileges Description: This issue was addressed with improved checks. CVE-2020-9856: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro’s Zero Day Initiative
DiskArbitration Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A malicious application may be able to break out of its sandbox Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9847: Zhuo Liang of Qihoo 360 Vulcan Team
Find My Available for: macOS Catalina 10.15.4 Impact: A local attacker may be able to elevate their privileges Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2020-9855: Zhongcheng Li(CK01) of Topsec Alpha Team
FontParser Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend Micro Zero Day Initiative
ImageIO Available for: macOS Catalina 10.15.4 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-3878: Samuel Groß of Google Project Zero
ImageIO Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9789: Wenchao Li of VARAS@IIE CVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab
Intel Graphics Driver Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9822: ABC Research s.r.o
IPSec Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.4 Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9837: Thijs Alkemade of Computest
Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab
Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A malicious application may be able to determine another application's memory layout Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2020-9797: an anonymous researcher
Kernel Available for: macOS Catalina 10.15.4 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An integer overflow was addressed through improved input validation. CVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab
Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team
Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A memory corruption issue was addressed with improved state management. CVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab
Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A local user may be able to read kernel memory Description: An information disclosure issue was addressed with improved state management. CVE-2020-9811: Tielei Wang of Pangu Lab CVE-2020-9812: Derrek (@derrekr6)
Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A logic issue existed resulting in memory corruption. This was addressed with improved state management. CVE-2020-9813: Xinru Chi of Pangu Lab CVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab
Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A malicious application may be able to determine kernel memory layout Description: An information disclosure issue was addressed with improved state management. CVE-2020-9809: Benjamin Randazzo (@____benjamin)
ksh Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A local user may be able to execute arbitrary shell commands Description: An issue existed in the handling of environment variables. This issue was addressed with improved validation. CVE-2019-14868
NSURL Available for: macOS Mojave 10.14.6 Impact: A malicious website may be able to exfiltrate autofilled data in Safari Description: An issue existed in the parsing of URLs. This issue was addressed with improved input validation. CVE-2020-9857: Dlive of Tencent Security Xuanwu Lab
PackageKit Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A malicious application may be able to gain root privileges Description: A permissions issue existed. This issue was addressed with improved permission validation. CVE-2020-9817: Andy Grant of NCC Group
PackageKit Available for: macOS Catalina 10.15.4 Impact: A malicious application may be able to modify protected parts of the file system Description: An access issue was addressed with improved access restrictions. CVE-2020-9851: Linus Henze (pinauten.de)
Python Available for: macOS Catalina 10.15.4 Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2020-9793
Sandbox Available for: macOS Catalina 10.15.4 Impact: A malicious application may be able to bypass Privacy preferences Description: An access issue was addressed with additional sandbox restrictions. CVE-2020-9825: Sreejith Krishnan R (@skr0x1C0)
Security Available for: macOS Catalina 10.15.4 Impact: A file may be incorrectly rendered to execute JavaScript Description: A validation issue was addressed with improved input sanitization. CVE-2020-9788: Wojciech Reguła of SecuRing (https://wojciechregula.blog)
SIP Available for: macOS Catalina 10.15.4 Impact: A non-privileged user may be able to modify restricted network settings Description: A logic issue was addressed with improved restrictions. CVE-2020-9824: Csaba Fitzl (@theevilbit) of Offensive Security
SQLite Available for: macOS Catalina 10.15.4 Impact: A malicious application may cause a denial of service or potentially disclose memory contents Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9794
System Preferences Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with improved state handling. CVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro’s Zero Day Initiative
USB Audio Available for: macOS Catalina 10.15.4 Impact: A USB device may be able to cause a denial of service Description: A validation issue was addressed with improved input sanitization. CVE-2020-9792: Andy Davis of NCC Group
Wi-Fi Available for: macOS Catalina 10.15.4 Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: A double free issue was addressed with improved memory management. CVE-2020-9844: Ian Beer of Google Project Zero
Wi-Fi Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2020-9830: Tielei Wang of Pangu Lab
Wi-Fi Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2020-9834: Yu Wang of Didi Research America
Wi-Fi Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A local user may be able to read kernel memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2020-9833: Yu Wang of Didi Research America
Wi-Fi Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A malicious application may be able to determine kernel memory layout Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9832: Yu Wang of Didi Research America
WindowServer Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: An application may be able to execute arbitrary code with kernel privileges Description: An integer overflow was addressed through improved input validation. CVE-2020-9841: ABC Research s.r.o. working with Trend Micro Zero Day Initiative
zsh Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A local attacker may be able to elevate their privileges Description: An authorization issue was addressed with improved state management. CVE-2019-20044: Sam Foxman
Additional recognition
CoreBluetooth We would like to acknowledge Maximilian von Tschitschnitz of Technical University Munich and Ludwig Peuckert of Technical University Munich for their assistance.
CoreText We would like to acknowledge Jiska Classen (@naehrdine) and Dennis Heinze (@ttdennis) of Secure Mobile Networking Lab for their assistance.
Endpoint Security We would like to acknowledge an anonymous researcher for their assistance.
ImageIO We would like to acknowledge Lei Sun for their assistance.
IOHIDFamily We would like to acknowledge Andy Davis of NCC Group for their assistance.
IPSec We would like to acknowledge Thijs Alkemade of Computest for their assistance.
Login Window We would like to acknowledge Jon Morby and an anonymous researcher for their assistance.
Sandbox We would like to acknowledge Jason L Lang of Optum for their assistance.
Spotlight We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
Installation note:
macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ -----BEGIN PGP SIGNATURE----- Version: BCPG v1.64
iQIcBAEDCAAGBQJezZcfAAoJEAc+Lhnt8tDNIQYP/0YN+/T85WC7RJjAlRrUDduD ZO0e76d2C1jNgZWsYmXnrEPwfRYAEPLcKgb/SxAlwlRNFqex9CNu2sD1aA3GZBIO MaektARuncqh06rl8BjbakS4HQs675vUEjoJS9H2d0pq2dSEIjOtH1agJwtGIeNS wHBFlUnQzI42hurYeq7fxRdiByf+Z3mKEBt6wlVtaWjqcMfG9sroj9H58RLiqSNm VNfU4eZNPrG49kbTf4IC2JvvKg18hrUZqIcjbV/56+kPBl4+USIxh/5ECJHV/cDD BEe64M2I1LiY0lq6neoOeHvBiiIvUq9EUW2PBnfcbo3V1D35mm6td+WnO3Buqo6f EEkjfIwtq7fI10ZPYYjiUayrQyfqmM3x14JcxDsHzlerT6NNRTg3g2ls0seQK9Lt 8IDbkrseOR0JFukR1njC+cAk4RbDFue5cUJK6Js1nGvFwLN0kHFIhh9jFKgccgH7 bKSLDAdB+kSxBOshDDmYyNS+KRzXEWIsBU8ZbNAbRDANWqm4lcPffKWcG7zIdiMQ JLUclRURf35AoFmJ0F1BZSRzFuHr1Dvh23SjNK7H9i/mD05+rY6esh5ZKco+6Yqe pW/EOXEAs/J06xUytABH3SkFmQSzlIPuFrXa8qAskHhFp/E8yLehyefoY+AZJjal sLrLBIOxQCTskSFoExP8 =2eah -----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: zsh security update Advisory ID: RHSA-2020:0853-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:0853 Issue date: 2020-03-17 CVE Names: CVE-2019-20044 =====================================================================
- Summary:
An update for zsh is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell (the Korn shell), but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions (with autoloading), a history mechanism, and more.
Security Fix(es):
- zsh: insecure dropping of privileges when unsetting PRIVILEGED option (CVE-2019-20044)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: zsh-5.0.2-34.el7_7.2.src.rpm
x86_64: zsh-5.0.2-34.el7_7.2.x86_64.rpm zsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: zsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm zsh-html-5.0.2-34.el7_7.2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: zsh-5.0.2-34.el7_7.2.src.rpm
x86_64: zsh-5.0.2-34.el7_7.2.x86_64.rpm zsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: zsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm zsh-html-5.0.2-34.el7_7.2.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: zsh-5.0.2-34.el7_7.2.src.rpm
ppc64: zsh-5.0.2-34.el7_7.2.ppc64.rpm zsh-debuginfo-5.0.2-34.el7_7.2.ppc64.rpm
ppc64le: zsh-5.0.2-34.el7_7.2.ppc64le.rpm zsh-debuginfo-5.0.2-34.el7_7.2.ppc64le.rpm
s390x: zsh-5.0.2-34.el7_7.2.s390x.rpm zsh-debuginfo-5.0.2-34.el7_7.2.s390x.rpm
x86_64: zsh-5.0.2-34.el7_7.2.x86_64.rpm zsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: zsh-debuginfo-5.0.2-34.el7_7.2.ppc64.rpm zsh-html-5.0.2-34.el7_7.2.ppc64.rpm
ppc64le: zsh-debuginfo-5.0.2-34.el7_7.2.ppc64le.rpm zsh-html-5.0.2-34.el7_7.2.ppc64le.rpm
s390x: zsh-debuginfo-5.0.2-34.el7_7.2.s390x.rpm zsh-html-5.0.2-34.el7_7.2.s390x.rpm
x86_64: zsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm zsh-html-5.0.2-34.el7_7.2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: zsh-5.0.2-34.el7_7.2.src.rpm
x86_64: zsh-5.0.2-34.el7_7.2.x86_64.rpm zsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: zsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm zsh-html-5.0.2-34.el7_7.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-20044 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
Installation note:
Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNATURE----- Version: BCPG v1.64
iQIcBAEDCAAGBQJezV7iAAoJEAc+Lhnt8tDNOiEP/10y27pTK/QbuSGW7HnZoJjg f2sHKU0JBCz7BjdgZHl6g+glsYPTojGGlIEa/r0ID9X74I41YS3cGvzmTQXcSdXV Xbs98UPjabCZOMiTW/LBxx25I78UptqhMhisrXnNXfu+lAYOxmJVQ0vbN9jd9za9 oKw1ydIi4aGfwPg8KOtMbxzE8wb8+SsRlHmXGh4qSmJ0o5BIvumdPMQRInM5Sdhp d/XWrgc7SPKervyfgvlylWE3KteDDSkk8d42wN4444pLQkVrKnaxGKHjWz01jcMF 1uB9ExsQbINGeR78wu8hD1wZke735shCwSyHHlSVf0iT/Ji3Zafy5dN79lMH5M8t x6ZmvDaPtNXGTaH41oTqsmyVoauy8ArWVMAuyi/ZdM6tM4J+7nEEAhrzvVOJ/0A2 nTdGZBDUeUmDLpcJwGw4h8MCYNqscHYNAPUJ2sLfyQhT6lC71yvJeKENwsK77hTC ZP+TFZbnbq7kETD/JknhGb8eC4DQ71NmlRNWpfKBId5bvXLRqiP/WHtwQk6XYCBN YNEOAUltQd4vKAI1ozjMh+RTI0EHNxTZCWJPawEkk2WhAytz+js+nJB4R9kp6N+k GghA5YOwLr/RveIzgm3fWEXOCR7b+7qxic+DPPULycnpdhDglbBWr4p8giQufnS2 2yHIY1iRg2jjw5hArbVE =9PNQ -----END PGP SIGNATURE-----
. 8) - aarch64, ppc64le, s390x, x86_64
3
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0332",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.13.6"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.15"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.14.6"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.14.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.13.6"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.13.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.4.5"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.5"
},
{
"model": "zsh",
"scope": "lt",
"trust": 1.0,
"vendor": "zsh",
"version": "5.8"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.5"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "6.2.5"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.14.6"
},
{
"model": "zsh",
"scope": "eq",
"trust": 0.8,
"vendor": "zsh",
"version": "5.8"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014656"
},
{
"db": "NVD",
"id": "CVE-2019-20044"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:zsh:zsh",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014656"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple,Red Hat",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1097"
}
],
"trust": 0.6
},
"cve": "CVE-2019-20044",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-20044",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2019-014656",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-152551",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-20044",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014656",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-20044",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014656",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-1097",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-152551",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-20044",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-152551"
},
{
"db": "VULMON",
"id": "CVE-2019-20044"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014656"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1097"
},
{
"db": "NVD",
"id": "CVE-2019-20044"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid(). Zsh Is vulnerable to improper checking of removed privileges.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. An attacker can exploit this vulnerability to restore the original permissions. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202003-55\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Zsh: Privilege escalation\n Date: March 25, 2020\n Bugs: #711136\n ID: 202003-55\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA vulnerability in Zsh might allow an attacker to escalate privileges. \n\nBackground\n==========\n\nA shell designed for interactive use, although it is also a powerful\nscripting language. \n\nImpact\n======\n\nAn attacker could escalate privileges. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Zsh users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-shells/zsh-5.8\"\n\nReferences\n==========\n\n[ 1 ] CVE-2019-20044\n https://nvd.nist.gov/vuln/detail/CVE-2019-20044\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202003-55\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-5325-1\nMarch 14, 2022\n\nzsh vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Zsh. \n\nSoftware Description:\n- zsh: shell with lots of features\n\nDetails:\n\nSam Foxman discovered that Zsh incorrectly handled certain inputs. \n(CVE-2019-20044)\n\nIt was discovered that Zsh incorrectly handled certain inputs. \nAn attacker could possibly use this issue to execute arbitrary code. \n(CVE-2021-45444)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.10:\n zsh 5.8-6ubuntu0.1\n zsh-static 5.8-6ubuntu0.1\n\nUbuntu 20.04 LTS:\n zsh 5.8-3ubuntu1.1\n zsh-static 5.8-3ubuntu1.1\n\nUbuntu 18.04 LTS:\n zsh 5.4.2-3ubuntu3.2\n zsh-static 5.4.2-3ubuntu3.2\n\nUbuntu 16.04 ESM:\n zsh 5.1.1-1ubuntu2.3+esm1\n zsh-static 5.1.1-1ubuntu2.3+esm1\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2020-05-26-3 macOS Catalina 10.15.5, Security Update\n2020-003 Mojave, Security Update 2020-003 High Sierra\n\nmacOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security\nUpdate 2020-003 High Sierra are now available and address the\nfollowing:\n\nAccounts\nAvailable for: macOS Catalina 10.15.4\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A denial of service issue was addressed with improved\ninput validation. \nCVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt\n\nAirDrop\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A denial of service issue was addressed with improved\ninput validation. \nCVE-2020-9826: Dor Hadad of Palo Alto Networks\n\nAppleMobileFileIntegrity\nAvailable for: macOS High Sierra 10.13.6, macOS Catalina 10.15.4\nImpact: An application may be able to use arbitrary entitlements\nDescription: This issue was addressed with improved checks. \nCVE-2020-9842: Linus Henze (pinauten.de)\n\nAppleUSBNetworking\nAvailable for: macOS Catalina 10.15.4\nImpact: Inserting a USB device that sends invalid messages may cause\na kernel panic\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2020-9804: Andy Davis of NCC Group\n\nAudio\nAvailable for: macOS Catalina 10.15.4\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero\nDay Initiative\n\nAudio\nAvailable for: macOS Catalina 10.15.4\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero\nDay Initiative\n\nBluetooth\nAvailable for: macOS Catalina 10.15.4\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9831: Yu Wang of Didi Research America\n\nCalendar\nAvailable for: macOS Catalina 10.15.4\nImpact: Importing a maliciously crafted calendar invitation may\nexfiltrate user information\nDescription: This issue was addressed with improved checks. \nCVE-2020-3882: Andy Grant of NCC Group\n\nCVMS\nAvailable for: macOS Catalina 10.15.4\nImpact: An application may be able to gain elevated privileges\nDescription: This issue was addressed with improved checks. \nCVE-2020-9856: @jinmo123, @setuid0x0_, and @insu_yun_en of\n@SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\nDiskArbitration\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9847: Zhuo Liang of Qihoo 360 Vulcan Team\n\nFind My\nAvailable for: macOS Catalina 10.15.4\nImpact: A local attacker may be able to elevate their privileges\nDescription: A validation issue existed in the handling of symlinks. \nThis issue was addressed with improved validation of symlinks. \nCVE-2020-9855: Zhongcheng Li(CK01) of Topsec Alpha Team\n\nFontParser\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend\nMicro Zero Day Initiative\n\nImageIO\nAvailable for: macOS Catalina 10.15.4\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-3878: Samuel Gro\u00df of Google Project Zero\n\nImageIO\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-9789: Wenchao Li of VARAS@IIE\nCVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nIntel Graphics Driver\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-9822: ABC Research s.r.o\n\nIPSec\nAvailable for: macOS High Sierra 10.13.6, macOS Catalina 10.15.4\nImpact: A remote attacker may be able to leak memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9837: Thijs Alkemade of Computest\n\nKernel\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab\n\nKernel\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: A malicious application may be able to determine another\napplication\u0027s memory layout\nDescription: An information disclosure issue was addressed by\nremoving the vulnerable code. \nCVE-2020-9797: an anonymous researcher\n\nKernel\nAvailable for: macOS Catalina 10.15.4\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An integer overflow was addressed through improved input\nvalidation. \nCVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab\n\nKernel\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team\n\nKernel\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: An application may be able to cause unexpected system\ntermination or write kernel memory\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab\n\nKernel\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: A local user may be able to read kernel memory\nDescription: An information disclosure issue was addressed with\nimproved state management. \nCVE-2020-9811: Tielei Wang of Pangu Lab\nCVE-2020-9812: Derrek (@derrekr6)\n\nKernel\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A logic issue existed resulting in memory corruption. \nThis was addressed with improved state management. \nCVE-2020-9813: Xinru Chi of Pangu Lab\nCVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab\n\nKernel\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An information disclosure issue was addressed with\nimproved state management. \nCVE-2020-9809: Benjamin Randazzo (@____benjamin)\n\nksh\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: A local user may be able to execute arbitrary shell commands\nDescription: An issue existed in the handling of environment\nvariables. This issue was addressed with improved validation. \nCVE-2019-14868\n\nNSURL\nAvailable for: macOS Mojave 10.14.6\nImpact: A malicious website may be able to exfiltrate autofilled data\nin Safari\nDescription: An issue existed in the parsing of URLs. This issue was\naddressed with improved input validation. \nCVE-2020-9857: Dlive of Tencent Security Xuanwu Lab\n\nPackageKit\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: A malicious application may be able to gain root privileges\nDescription: A permissions issue existed. This issue was addressed\nwith improved permission validation. \nCVE-2020-9817: Andy Grant of NCC Group\n\nPackageKit\nAvailable for: macOS Catalina 10.15.4\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2020-9851: Linus Henze (pinauten.de)\n\nPython\nAvailable for: macOS Catalina 10.15.4\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2020-9793\n\nSandbox\nAvailable for: macOS Catalina 10.15.4\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2020-9825: Sreejith Krishnan R (@skr0x1C0)\n\nSecurity\nAvailable for: macOS Catalina 10.15.4\nImpact: A file may be incorrectly rendered to execute JavaScript\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2020-9788: Wojciech Regu\u0142a of SecuRing\n(https://wojciechregula.blog)\n\nSIP\nAvailable for: macOS Catalina 10.15.4\nImpact: A non-privileged user may be able to modify restricted\nnetwork settings\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2020-9824: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSQLite\nAvailable for: macOS Catalina 10.15.4\nImpact: A malicious application may cause a denial of service or\npotentially disclose memory contents\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9794\n\nSystem Preferences\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: An application may be able to gain elevated privileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of\n@SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\nUSB Audio\nAvailable for: macOS Catalina 10.15.4\nImpact: A USB device may be able to cause a denial of service\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2020-9792: Andy Davis of NCC Group\n\nWi-Fi\nAvailable for: macOS Catalina 10.15.4\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: A double free issue was addressed with improved memory\nmanagement. \nCVE-2020-9844: Ian Beer of Google Project Zero\n\nWi-Fi\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2020-9830: Tielei Wang of Pangu Lab\n\nWi-Fi\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2020-9834: Yu Wang of Didi Research America\n\nWi-Fi\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: A local user may be able to read kernel memory\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2020-9833: Yu Wang of Didi Research America\n\nWi-Fi\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-9832: Yu Wang of Didi Research America\n\nWindowServer\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An integer overflow was addressed through improved input\nvalidation. \nCVE-2020-9841: ABC Research s.r.o. working with Trend Micro Zero Day\nInitiative\n\nzsh\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: A local attacker may be able to elevate their privileges\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2019-20044: Sam Foxman\n\nAdditional recognition\n\nCoreBluetooth\nWe would like to acknowledge Maximilian von Tschitschnitz of\nTechnical University Munich and Ludwig Peuckert of Technical\nUniversity Munich for their assistance. \n\nCoreText\nWe would like to acknowledge Jiska Classen (@naehrdine) and Dennis\nHeinze (@ttdennis) of Secure Mobile Networking Lab for their\nassistance. \n\nEndpoint Security\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nImageIO\nWe would like to acknowledge Lei Sun for their assistance. \n\nIOHIDFamily\nWe would like to acknowledge Andy Davis of NCC Group for their\nassistance. \n\nIPSec\nWe would like to acknowledge Thijs Alkemade of Computest for their\nassistance. \n\nLogin Window\nWe would like to acknowledge Jon Morby and an anonymous researcher\nfor their assistance. \n\nSandbox\nWe would like to acknowledge Jason L Lang of Optum for their\nassistance. \n\nSpotlight\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nInstallation note:\n\nmacOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security\nUpdate 2020-003 High Sierra may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n-----BEGIN PGP SIGNATURE-----\nVersion: BCPG v1.64\n\niQIcBAEDCAAGBQJezZcfAAoJEAc+Lhnt8tDNIQYP/0YN+/T85WC7RJjAlRrUDduD\nZO0e76d2C1jNgZWsYmXnrEPwfRYAEPLcKgb/SxAlwlRNFqex9CNu2sD1aA3GZBIO\nMaektARuncqh06rl8BjbakS4HQs675vUEjoJS9H2d0pq2dSEIjOtH1agJwtGIeNS\nwHBFlUnQzI42hurYeq7fxRdiByf+Z3mKEBt6wlVtaWjqcMfG9sroj9H58RLiqSNm\nVNfU4eZNPrG49kbTf4IC2JvvKg18hrUZqIcjbV/56+kPBl4+USIxh/5ECJHV/cDD\nBEe64M2I1LiY0lq6neoOeHvBiiIvUq9EUW2PBnfcbo3V1D35mm6td+WnO3Buqo6f\nEEkjfIwtq7fI10ZPYYjiUayrQyfqmM3x14JcxDsHzlerT6NNRTg3g2ls0seQK9Lt\n8IDbkrseOR0JFukR1njC+cAk4RbDFue5cUJK6Js1nGvFwLN0kHFIhh9jFKgccgH7\nbKSLDAdB+kSxBOshDDmYyNS+KRzXEWIsBU8ZbNAbRDANWqm4lcPffKWcG7zIdiMQ\nJLUclRURf35AoFmJ0F1BZSRzFuHr1Dvh23SjNK7H9i/mD05+rY6esh5ZKco+6Yqe\npW/EOXEAs/J06xUytABH3SkFmQSzlIPuFrXa8qAskHhFp/E8yLehyefoY+AZJjal\nsLrLBIOxQCTskSFoExP8\n=2eah\n-----END PGP SIGNATURE-----\n\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: zsh security update\nAdvisory ID: RHSA-2020:0853-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:0853\nIssue date: 2020-03-17\nCVE Names: CVE-2019-20044 \n=====================================================================\n\n1. Summary:\n\nAn update for zsh is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe zsh shell is a command interpreter usable as an interactive login shell\nand as a shell script command processor. Zsh resembles the ksh shell (the\nKorn shell), but includes many enhancements. Zsh supports command-line\nediting, built-in spelling correction, programmable command completion,\nshell functions (with autoloading), a history mechanism, and more. \n\nSecurity Fix(es):\n\n* zsh: insecure dropping of privileges when unsetting PRIVILEGED option\n(CVE-2019-20044)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nzsh-5.0.2-34.el7_7.2.src.rpm\n\nx86_64:\nzsh-5.0.2-34.el7_7.2.x86_64.rpm\nzsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nzsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm\nzsh-html-5.0.2-34.el7_7.2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nzsh-5.0.2-34.el7_7.2.src.rpm\n\nx86_64:\nzsh-5.0.2-34.el7_7.2.x86_64.rpm\nzsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nzsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm\nzsh-html-5.0.2-34.el7_7.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nzsh-5.0.2-34.el7_7.2.src.rpm\n\nppc64:\nzsh-5.0.2-34.el7_7.2.ppc64.rpm\nzsh-debuginfo-5.0.2-34.el7_7.2.ppc64.rpm\n\nppc64le:\nzsh-5.0.2-34.el7_7.2.ppc64le.rpm\nzsh-debuginfo-5.0.2-34.el7_7.2.ppc64le.rpm\n\ns390x:\nzsh-5.0.2-34.el7_7.2.s390x.rpm\nzsh-debuginfo-5.0.2-34.el7_7.2.s390x.rpm\n\nx86_64:\nzsh-5.0.2-34.el7_7.2.x86_64.rpm\nzsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nzsh-debuginfo-5.0.2-34.el7_7.2.ppc64.rpm\nzsh-html-5.0.2-34.el7_7.2.ppc64.rpm\n\nppc64le:\nzsh-debuginfo-5.0.2-34.el7_7.2.ppc64le.rpm\nzsh-html-5.0.2-34.el7_7.2.ppc64le.rpm\n\ns390x:\nzsh-debuginfo-5.0.2-34.el7_7.2.s390x.rpm\nzsh-html-5.0.2-34.el7_7.2.s390x.rpm\n\nx86_64:\nzsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm\nzsh-html-5.0.2-34.el7_7.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nzsh-5.0.2-34.el7_7.2.src.rpm\n\nx86_64:\nzsh-5.0.2-34.el7_7.2.x86_64.rpm\nzsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nzsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm\nzsh-html-5.0.2-34.el7_7.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-20044\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/kb/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch \u003e General \u003e About\". \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". \n-----BEGIN PGP SIGNATURE-----\nVersion: BCPG v1.64\n\niQIcBAEDCAAGBQJezV7iAAoJEAc+Lhnt8tDNOiEP/10y27pTK/QbuSGW7HnZoJjg\nf2sHKU0JBCz7BjdgZHl6g+glsYPTojGGlIEa/r0ID9X74I41YS3cGvzmTQXcSdXV\nXbs98UPjabCZOMiTW/LBxx25I78UptqhMhisrXnNXfu+lAYOxmJVQ0vbN9jd9za9\noKw1ydIi4aGfwPg8KOtMbxzE8wb8+SsRlHmXGh4qSmJ0o5BIvumdPMQRInM5Sdhp\nd/XWrgc7SPKervyfgvlylWE3KteDDSkk8d42wN4444pLQkVrKnaxGKHjWz01jcMF\n1uB9ExsQbINGeR78wu8hD1wZke735shCwSyHHlSVf0iT/Ji3Zafy5dN79lMH5M8t\nx6ZmvDaPtNXGTaH41oTqsmyVoauy8ArWVMAuyi/ZdM6tM4J+7nEEAhrzvVOJ/0A2\nnTdGZBDUeUmDLpcJwGw4h8MCYNqscHYNAPUJ2sLfyQhT6lC71yvJeKENwsK77hTC\nZP+TFZbnbq7kETD/JknhGb8eC4DQ71NmlRNWpfKBId5bvXLRqiP/WHtwQk6XYCBN\nYNEOAUltQd4vKAI1ozjMh+RTI0EHNxTZCWJPawEkk2WhAytz+js+nJB4R9kp6N+k\nGghA5YOwLr/RveIzgm3fWEXOCR7b+7qxic+DPPULycnpdhDglbBWr4p8giQufnS2\n2yHIY1iRg2jjw5hArbVE\n=9PNQ\n-----END PGP SIGNATURE-----\n\n\n\n. 8) - aarch64, ppc64le, s390x, x86_64\n\n3",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-20044"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014656"
},
{
"db": "VULHUB",
"id": "VHN-152551"
},
{
"db": "VULMON",
"id": "CVE-2019-20044"
},
{
"db": "PACKETSTORM",
"id": "156919"
},
{
"db": "PACKETSTORM",
"id": "157883"
},
{
"db": "PACKETSTORM",
"id": "156924"
},
{
"db": "PACKETSTORM",
"id": "166306"
},
{
"db": "PACKETSTORM",
"id": "157877"
},
{
"db": "PACKETSTORM",
"id": "156794"
},
{
"db": "PACKETSTORM",
"id": "157879"
},
{
"db": "PACKETSTORM",
"id": "156818"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-20044",
"trust": 3.4
},
{
"db": "PACKETSTORM",
"id": "156818",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "156924",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166306",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "157883",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014656",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "156805",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1097",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.0988",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0973",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1081",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1105",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4265",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0952",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1072",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1861",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0769",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031621",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "156794",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "156919",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "157879",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "157874",
"trust": 0.1
},
{
"db": "CNVD",
"id": "CNVD-2020-50123",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-152551",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-20044",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157877",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-152551"
},
{
"db": "VULMON",
"id": "CVE-2019-20044"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014656"
},
{
"db": "PACKETSTORM",
"id": "156919"
},
{
"db": "PACKETSTORM",
"id": "157883"
},
{
"db": "PACKETSTORM",
"id": "156924"
},
{
"db": "PACKETSTORM",
"id": "166306"
},
{
"db": "PACKETSTORM",
"id": "157877"
},
{
"db": "PACKETSTORM",
"id": "156794"
},
{
"db": "PACKETSTORM",
"id": "157879"
},
{
"db": "PACKETSTORM",
"id": "156818"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1097"
},
{
"db": "NVD",
"id": "CVE-2019-20044"
}
]
},
"id": "VAR-202002-0332",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-152551"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T19:26:07.642000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Release Notes",
"trust": 0.8,
"url": "http://zsh.sourceforge.net/releases.html"
},
{
"title": "zsh-announce",
"trust": 0.8,
"url": "https://www.zsh.org/mla/zsh-announce/141"
},
{
"title": "Zsh Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110771"
},
{
"title": "Red Hat: Important: zsh security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200853 - Security Advisory"
},
{
"title": "Red Hat: Important: zsh security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200978 - Security Advisory"
},
{
"title": "Red Hat: Important: zsh security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200903 - Security Advisory"
},
{
"title": "Red Hat: Important: zsh security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200892 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: zsh: CVE-2019-20044: insecure dropping of privileges when unsetting PRIVILEGED option",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=65aa69745a1e62fea4c4cd467d3f7c8a"
},
{
"title": "Ubuntu Security Notice: USN-5325-1: Zsh vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5325-1"
},
{
"title": "Amazon Linux 2: ALAS2-2020-1439",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2020-1439"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/MRXXII/zsh "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-20044"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014656"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1097"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-273",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-152551"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014656"
},
{
"db": "NVD",
"id": "CVE-2019-20044"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://support.apple.com/kb/ht211168"
},
{
"trust": 2.4,
"url": "https://support.apple.com/kb/ht211170"
},
{
"trust": 2.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20044"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202003-55"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht211168"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht211170"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht211171"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht211175"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht211171"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht211175"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2020/may/49"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2020/may/53"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2020/may/59"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2020/may/55"
},
{
"trust": 1.8,
"url": "http://zsh.sourceforge.net/releases.html"
},
{
"trust": 1.8,
"url": "https://github.com/xmb5/zsh-privileged-upgrade"
},
{
"trust": 1.8,
"url": "https://www.zsh.org/mla/zsh-announce/141"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00004.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/pn5v7mphrrp7qnhoek56s7qgru53wun6/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/fp64ffizi2ckqoeaoi5a72pvqule7zzc/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/fp64ffizi2ckqoeaoi5a72pvqule7zzc/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/pn5v7mphrrp7qnhoek56s7qgru53wun6/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20044"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156924/red-hat-security-advisory-2020-0978-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1861/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/zsh-privilege-escalation-via-zmodload-31713"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0769/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0988/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1072"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156805/red-hat-security-advisory-2020-0892-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4265/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0973/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0952/"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht211170"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156818/red-hat-security-advisory-2020-0903-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1081/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166306/ubuntu-security-notice-usn-5325-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157883/apple-security-advisory-2020-05-26-4.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1105"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031621"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9809"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9813"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9795"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9814"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9811"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9797"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9791"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9808"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9790"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9821"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9816"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9789"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3878"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9815"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9793"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9794"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9812"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-20044"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2020:0853"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5325-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9807"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9806"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9827"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9802"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20503"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9800"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9805"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9803"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/273.html"
},
{
"trust": 0.1,
"url": "https://github.com/mrxxii/zsh"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2/alas-2020-1439.html"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9829"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9837"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:0978"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45444"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/zsh/5.4.2-3ubuntu3.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/zsh/5.8-3ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/zsh/5.8-6ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9822"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9804"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9826"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14868"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9792"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3882"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9824"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9788"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9825"
},
{
"trust": 0.1,
"url": "https://wojciechregula.blog)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9819"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht204641"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9818"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:0903"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-152551"
},
{
"db": "VULMON",
"id": "CVE-2019-20044"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014656"
},
{
"db": "PACKETSTORM",
"id": "156919"
},
{
"db": "PACKETSTORM",
"id": "157883"
},
{
"db": "PACKETSTORM",
"id": "156924"
},
{
"db": "PACKETSTORM",
"id": "166306"
},
{
"db": "PACKETSTORM",
"id": "157877"
},
{
"db": "PACKETSTORM",
"id": "156794"
},
{
"db": "PACKETSTORM",
"id": "157879"
},
{
"db": "PACKETSTORM",
"id": "156818"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1097"
},
{
"db": "NVD",
"id": "CVE-2019-20044"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-152551"
},
{
"db": "VULMON",
"id": "CVE-2019-20044"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014656"
},
{
"db": "PACKETSTORM",
"id": "156919"
},
{
"db": "PACKETSTORM",
"id": "157883"
},
{
"db": "PACKETSTORM",
"id": "156924"
},
{
"db": "PACKETSTORM",
"id": "166306"
},
{
"db": "PACKETSTORM",
"id": "157877"
},
{
"db": "PACKETSTORM",
"id": "156794"
},
{
"db": "PACKETSTORM",
"id": "157879"
},
{
"db": "PACKETSTORM",
"id": "156818"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1097"
},
{
"db": "NVD",
"id": "CVE-2019-20044"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-24T00:00:00",
"db": "VULHUB",
"id": "VHN-152551"
},
{
"date": "2020-02-24T00:00:00",
"db": "VULMON",
"id": "CVE-2019-20044"
},
{
"date": "2020-03-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014656"
},
{
"date": "2020-03-26T14:45:59",
"db": "PACKETSTORM",
"id": "156919"
},
{
"date": "2020-05-29T19:07:47",
"db": "PACKETSTORM",
"id": "157883"
},
{
"date": "2020-03-26T14:48:50",
"db": "PACKETSTORM",
"id": "156924"
},
{
"date": "2022-03-14T19:00:12",
"db": "PACKETSTORM",
"id": "166306"
},
{
"date": "2020-05-29T19:04:22",
"db": "PACKETSTORM",
"id": "157877"
},
{
"date": "2020-03-18T15:00:12",
"db": "PACKETSTORM",
"id": "156794"
},
{
"date": "2020-05-29T19:05:25",
"db": "PACKETSTORM",
"id": "157879"
},
{
"date": "2020-03-19T15:22:41",
"db": "PACKETSTORM",
"id": "156818"
},
{
"date": "2020-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1097"
},
{
"date": "2020-02-24T14:15:11.667000",
"db": "NVD",
"id": "CVE-2019-20044"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-09T00:00:00",
"db": "VULHUB",
"id": "VHN-152551"
},
{
"date": "2023-01-09T00:00:00",
"db": "VULMON",
"id": "CVE-2019-20044"
},
{
"date": "2020-03-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014656"
},
{
"date": "2022-03-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1097"
},
{
"date": "2024-11-21T04:37:56.997000",
"db": "NVD",
"id": "CVE-2019-20044"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1097"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zsh Vulnerability in improper checking for deleted privileges in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014656"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1097"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.