Vulnerabilities > CVE-2019-20044 - Improper Check for Dropped Privileges vulnerability in multiple products

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
zsh
fedoraproject
debian
apple
CWE-273
nessus

Summary

In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().

Vulnerable Configurations

Part Description Count
Application
Zsh
190
OS
Apple
543
OS
Linux
1
OS
Fedoraproject
2
OS
Debian
2

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-202003-55.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-202003-55 (Zsh: Privilege escalation) It was discovered that Zsh was insecure dropping privileges when unsetting PRIVILEGED option. Impact : An attacker could escalate privileges. Workaround : There is no known workaround at this time.
    last seen2020-03-31
    modified2020-03-26
    plugin id134930
    published2020-03-26
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134930
    titleGLSA-202003-55 : Zsh: Privilege escalation
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 202003-55.
    #
    # The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(134930);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/30");
    
      script_cve_id("CVE-2019-20044");
      script_xref(name:"GLSA", value:"202003-55");
    
      script_name(english:"GLSA-202003-55 : Zsh: Privilege escalation");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-202003-55
    (Zsh: Privilege escalation)
    
        It was discovered that Zsh was insecure dropping privileges when
          unsetting PRIVILEGED option.
      
    Impact :
    
        An attacker could escalate privileges.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/202003-55"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Zsh users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=app-shells/zsh-5.8'"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:zsh");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/03/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"app-shells/zsh", unaffected:make_list("ge 5.8"), vulnerable:make_list("lt 5.8"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Zsh");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0978.NASL
    descriptionThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0978 advisory. - zsh: insecure dropping of privileges when unsetting PRIVILEGED option (CVE-2019-20044) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-03-26
    plugin id134939
    published2020-03-26
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134939
    titleRHEL 8 : zsh (RHSA-2020:0978)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:0978. The text
    # itself is copyright (C) Red Hat, Inc.
    #
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(134939);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/21");
    
      script_cve_id("CVE-2019-20044");
      script_xref(name:"RHSA", value:"2020:0978");
    
      script_name(english:"RHEL 8 : zsh (RHSA-2020:0978)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Red Hat host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in
    the RHSA-2020:0978 advisory.
    
      - zsh: insecure dropping of privileges when unsetting
        PRIVILEGED option (CVE-2019-20044)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/271.html");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:0978");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-20044");
      script_set_attribute(attribute:"solution", value:
    "Update the affected zsh, zsh-debugsource and / or zsh-html packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-20044");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_cwe_id(271);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/03/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/26");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_e4s:8.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_e4s:8.0::appstream");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_e4s:8.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_e4s:8.0::baseos");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:zsh");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:zsh-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:zsh-html");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Red Hat Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('rpm.inc');
    
    if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item('Host/RedHat/release');
    if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
    os_ver = os_ver[1];
    if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);
    
    if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item('Host/cpu');
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
    
    pkgs = [
        {'reference':'zsh-5.5.1-6.el8_0.2', 'cpu':'aarch64', 'release':'8'},
        {'reference':'zsh-5.5.1-6.el8_0.2', 'cpu':'s390x', 'release':'8'},
        {'reference':'zsh-5.5.1-6.el8_0.2', 'cpu':'x86_64', 'release':'8'},
        {'reference':'zsh-debugsource-5.5.1-6.el8_0.2', 'cpu':'aarch64', 'release':'8'},
        {'reference':'zsh-debugsource-5.5.1-6.el8_0.2', 'cpu':'s390x', 'release':'8'},
        {'reference':'zsh-debugsource-5.5.1-6.el8_0.2', 'cpu':'x86_64', 'release':'8'},
        {'reference':'zsh-html-5.5.1-6.el8_0.2', 'release':'8'}
    ];
    
    flag = 0;
    foreach package_array ( pkgs ) {
      reference = NULL;
      release = NULL;
      sp = NULL;
      cpu = NULL;
      el_string = NULL;
      rpm_spec_vers_cmp = NULL;
      epoch = NULL;
      if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
      if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
      if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
      if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
      if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
      if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
      if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
      if (reference && release) {
        if (rpm_spec_vers_cmp) {
          if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++;
        }
        else
        {
          if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++;
        }
      }
    }
    
    if (flag)
    {
      security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'zsh / zsh-debugsource / zsh-html');
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0892.NASL
    descriptionThe remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0892 advisory. - zsh: insecure dropping of privileges when unsetting PRIVILEGED option (CVE-2019-20044) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-03-18
    plugin id134675
    published2020-03-18
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134675
    titleRHEL 6 : zsh (RHSA-2020:0892)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2020-0853.NASL
    descriptionFrom Red Hat Security Advisory 2020:0853 : The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0853 advisory. - zsh: insecure dropping of privileges when unsetting PRIVILEGED option (CVE-2019-20044) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-05-21
    modified2020-03-19
    plugin id134690
    published2020-03-19
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134690
    titleOracle Linux 7 : zsh (ELSA-2020-0853)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2020-0853.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0853 advisory. - zsh: insecure dropping of privileges when unsetting PRIVILEGED option (CVE-2019-20044) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-05-21
    modified2020-03-26
    plugin id134905
    published2020-03-26
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134905
    titleCentOS 7 : zsh (CESA-2020:0853)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0853.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0853 advisory. - zsh: insecure dropping of privileges when unsetting PRIVILEGED option (CVE-2019-20044) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-03-18
    plugin id134672
    published2020-03-18
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134672
    titleRHEL 7 : zsh (RHSA-2020:0853)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2020-3F38F3E517.NASL
    description - drop privileges securely when unsetting PRIVILEGED option (CVE-2019-20044) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2020-03-13
    plugin id134458
    published2020-03-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134458
    titleFedora 31 : zsh (2020-3f38f3e517)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20200318_ZSH_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - zsh: insecure dropping of privileges when unsetting PRIVILEGED option (CVE-2019-20044)
    last seen2020-03-24
    modified2020-03-19
    plugin id134695
    published2020-03-19
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134695
    titleScientific Linux Security Update : zsh on SL6.x i386/x86_64 (20200318)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-3_0-0073_ZSH.NASL
    descriptionAn update of the zsh package has been released.
    last seen2020-04-14
    modified2020-04-12
    plugin id135406
    published2020-04-12
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135406
    titlePhoton OS 3.0: Zsh PHSA-2020-3.0-0073
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2020-9009363F0F.NASL
    description - drop privileges securely when unsetting PRIVILEGED option (CVE-2019-20044) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2020-03-13
    plugin id134460
    published2020-03-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134460
    titleFedora 30 : zsh (2020-9009363f0f)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1329.NASL
    descriptionAccording to the version of the zsh package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().(CVE-2019-20044) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2020-03-23
    plugin id134820
    published2020-03-23
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134820
    titleEulerOS 2.0 SP5 : zsh (EulerOS-SA-2020-1329)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_HT211170.NASL
    descriptionThe remote host is running a version of macOS / Mac OS X that is 10.15.x prior to 10.15.5, 10.13.x prior to 10.13.6 Security Update 2020-003, 10.14.x prior to 10.14.6 Security Update 2020-003. It is, therefore, affected by multiple vulnerabilities: - In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely. (CVE-2019-14868) - In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid(). (CVE-2019-20044) - An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. Processing a maliciously crafted image may lead to arbitrary code execution. (CVE-2020-3878) Note that Nessus has not tested for this issue but has instead relied only on the operating system
    last seen2020-06-12
    modified2020-05-28
    plugin id136930
    published2020-05-28
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136930
    titlemacOS 10.15.x < 10.15.5 / 10.14.x < 10.14.6 Security Update 2020-003 / 10.13.x < 10.13.6 Security Update 2020-003
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0903.NASL
    descriptionThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0903 advisory. - zsh: insecure dropping of privileges when unsetting PRIVILEGED option (CVE-2019-20044) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-03-23
    plugin id134829
    published2020-03-23
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134829
    titleRHEL 8 : zsh (RHSA-2020:0903)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-2_0-0229_ZSH.NASL
    descriptionAn update of the zsh package has been released.
    last seen2020-04-30
    modified2020-04-22
    plugin id135870
    published2020-04-22
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135870
    titlePhoton OS 2.0: Zsh PHSA-2020-2.0-0229
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20200317_ZSH_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - zsh: insecure dropping of privileges when unsetting PRIVILEGED option (CVE-2019-20044)
    last seen2020-03-21
    modified2020-03-18
    plugin id134652
    published2020-03-18
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134652
    titleScientific Linux Security Update : zsh on SL7.x x86_64 (20200317)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2020-0892.NASL
    descriptionFrom Red Hat Security Advisory 2020:0892 : The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0892 advisory. - zsh: insecure dropping of privileges when unsetting PRIVILEGED option (CVE-2019-20044) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-06
    modified2020-03-20
    plugin id134750
    published2020-03-20
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134750
    titleOracle Linux 6 : zsh (ELSA-2020-0892)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2020-0892.NASL
    descriptionThe remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0892 advisory. - zsh: insecure dropping of privileges when unsetting PRIVILEGED option (CVE-2019-20044) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-06
    modified2020-03-26
    plugin id134907
    published2020-03-26
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134907
    titleCentOS 6 : zsh (CESA-2020:0892)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-2117.NASL
    descriptionA privilege escalation vulnerability was discovered in zsh, a shell with lots of features, whereby a user could regain a formerly elevated privelege level even when such an action should not be permitted. For Debian 8
    last seen2020-03-17
    modified2020-03-06
    plugin id134241
    published2020-03-06
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134241
    titleDebian DLA-2117-1 : zsh security update

Redhat

advisories
  • bugzilla
    id1804859
    titleCVE-2019-20044 zsh: insecure dropping of privileges when unsetting PRIVILEGED option
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentzsh-html is earlier than 0:5.0.2-34.el7_7.2
            ovaloval:com.redhat.rhsa:tst:20200853001
          • commentzsh-html is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20181932002
        • AND
          • commentzsh is earlier than 0:5.0.2-34.el7_7.2
            ovaloval:com.redhat.rhsa:tst:20200853003
          • commentzsh is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20181932004
    rhsa
    idRHSA-2020:0853
    released2020-03-17
    severityImportant
    titleRHSA-2020:0853: zsh security update (Important)
  • bugzilla
    id1804859
    titleCVE-2019-20044 zsh: insecure dropping of privileges when unsetting PRIVILEGED option
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentzsh is earlier than 0:4.3.11-11.el6_10
            ovaloval:com.redhat.rhsa:tst:20200892001
          • commentzsh is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20181932004
        • AND
          • commentzsh-html is earlier than 0:4.3.11-11.el6_10
            ovaloval:com.redhat.rhsa:tst:20200892003
          • commentzsh-html is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20181932002
    rhsa
    idRHSA-2020:0892
    released2020-03-18
    severityImportant
    titleRHSA-2020:0892: zsh security update (Important)
  • bugzilla
    id1804859
    titleCVE-2019-20044 zsh: insecure dropping of privileges when unsetting PRIVILEGED option
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 8 is installed
        ovaloval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • commentzsh-html is earlier than 0:5.5.1-6.el8_1.2
            ovaloval:com.redhat.rhsa:tst:20200903001
          • commentzsh-html is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20181932002
        • AND
          • commentzsh-debugsource is earlier than 0:5.5.1-6.el8_1.2
            ovaloval:com.redhat.rhsa:tst:20200903003
          • commentzsh-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20200903004
        • AND
          • commentzsh is earlier than 0:5.5.1-6.el8_1.2
            ovaloval:com.redhat.rhsa:tst:20200903005
          • commentzsh is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20181932004
    rhsa
    idRHSA-2020:0903
    released2020-03-19
    severityImportant
    titleRHSA-2020:0903: zsh security update (Important)
rpms
  • zsh-0:5.0.2-34.el7_7.2
  • zsh-debuginfo-0:5.0.2-34.el7_7.2
  • zsh-html-0:5.0.2-34.el7_7.2
  • zsh-0:4.3.11-11.el6_10
  • zsh-debuginfo-0:4.3.11-11.el6_10
  • zsh-html-0:4.3.11-11.el6_10
  • zsh-0:5.5.1-6.el8_1.2
  • zsh-debuginfo-0:5.5.1-6.el8_1.2
  • zsh-debugsource-0:5.5.1-6.el8_1.2
  • zsh-html-0:5.5.1-6.el8_1.2
  • zsh-0:5.5.1-6.el8_0.2
  • zsh-debuginfo-0:5.5.1-6.el8_0.2
  • zsh-debugsource-0:5.5.1-6.el8_0.2
  • zsh-html-0:5.5.1-6.el8_0.2

References