Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 711136 (CVE-2019-20044)

Summary: <app-shells/zsh-5.8: insecure dropping of privileges when unsetting PRIVILEGED option (CVE-2019-20044)
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: polynomial-c
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.zsh.org/mla/zsh-announce/141
Whiteboard: B3 [glsa+ cve]
Package list:
app-shells/zsh-5.8
 Runtime testing required: ---

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-01 02:02:47 UTC 
"In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid()."

MITRE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20044
Affects: <5.8
Comment 1 Agostino Sarubbo gentoo-dev 2020-03-01 13:04:35 UTC 
amd64 stable
Comment 2 Agostino Sarubbo gentoo-dev 2020-03-02 12:30:38 UTC 
sparc stable
Comment 3 Agostino Sarubbo gentoo-dev 2020-03-02 12:33:21 UTC 
x86 stable
Comment 4 Sergei Trofimovich (RETIRED) gentoo-dev 2020-03-02 12:37:04 UTC 
ia64/ppc/ppc64 stable
Comment 5 Agostino Sarubbo gentoo-dev 2020-03-05 12:50:10 UTC 
arm stable
Comment 6 Mart Raudsepp gentoo-dev 2020-03-14 21:51:52 UTC 
arm64 stable
Comment 7 Rolf Eike Beer archtester 2020-03-16 17:46:50 UTC 
hppa stable
Comment 8 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-18 20:05:53 UTC 
Thanks arches.

Maintainer(s), please drop the vulnerable version(s).
Comment 9 Larry the Git Cow gentoo-dev 2020-03-18 20:55:25 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8a12520a673e400902c64889848cc413746fc87c

commit 8a12520a673e400902c64889848cc413746fc87c
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-03-18 20:55:09 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-03-18 20:55:09 +0000

    app-shells/zsh: Security cleanup
    
    Bug: https://bugs.gentoo.org/711136
    Package-Manager: Portage-2.3.94, Repoman-2.3.21
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 app-shells/zsh/Manifest            |   2 -
 app-shells/zsh/zsh-5.7.1-r1.ebuild | 221 -------------------------------------
 2 files changed, 223 deletions(-)
Comment 10 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-19 19:00:18 UTC 
Thanks all.
Comment 11 Thomas Deutschmann (RETIRED) gentoo-dev 2020-03-25 20:13:21 UTC 
GLSA Vote: Yes

New GLSA request filed.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2020-03-25 20:24:24 UTC 
This issue was resolved and addressed in
 GLSA 202003-55 at https://security.gentoo.org/glsa/202003-55
by GLSA coordinator Thomas Deutschmann (whissi).