Lucene search
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-2470.NASLHistoryDec 01, 2020 - 12:00 a.m.
Debian DLA-2470-1 : zsh security update
2020-12-0100:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
8.3 High
AI Score
Confidence
High
Several security vulnerabilities were found and corrected in zsh, a powerful shell and scripting language. Off-by-one errors, wrong parsing of shebang lines and buffer overflows may lead to unexpected behavior. A local, unprivileged user can create a specially crafted message file or directory path. If the receiving user is privileged or traverses the aforementioned path, this leads to privilege escalation.
For Debian 9 stretch, these problems have been fixed in version 5.3.1-4+deb9u4.
We recommend that you upgrade your zsh packages.
For the detailed security status of zsh please refer to its security tracker page at: https://security-tracker.debian.org/tracker/zsh
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-2470-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('compat.inc');
if (description)
{
script_id(143401);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/07");
script_cve_id(
"CVE-2017-18206",
"CVE-2018-0502",
"CVE-2018-1071",
"CVE-2018-1083",
"CVE-2018-1100",
"CVE-2018-13259",
"CVE-2019-20044"
);
script_name(english:"Debian DLA-2470-1 : zsh security update");
script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing a security update.");
script_set_attribute(attribute:"description", value:
"Several security vulnerabilities were found and corrected in zsh, a
powerful shell and scripting language. Off-by-one errors, wrong
parsing of shebang lines and buffer overflows may lead to unexpected
behavior. A local, unprivileged user can create a specially crafted
message file or directory path. If the receiving user is privileged or
traverses the aforementioned path, this leads to privilege escalation.
For Debian 9 stretch, these problems have been fixed in version
5.3.1-4+deb9u4.
We recommend that you upgrade your zsh packages.
For the detailed security status of zsh please refer to its security
tracker page at: https://security-tracker.debian.org/tracker/zsh
NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html");
script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/stretch/zsh");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/zsh");
script_set_attribute(attribute:"solution", value:
"Upgrade the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-13259");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/27");
script_set_attribute(attribute:"patch_publication_date", value:"2020/11/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/12/01");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:zsh");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:zsh-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:zsh-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:zsh-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:zsh-static");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Debian Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"9.0", prefix:"zsh", reference:"5.3.1-4+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"zsh-common", reference:"5.3.1-4+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"zsh-dev", reference:"5.3.1-4+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"zsh-doc", reference:"5.3.1-4+deb9u4")) flag++;
if (deb_check(release:"9.0", prefix:"zsh-static", reference:"5.3.1-4+deb9u4")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | zsh | p-cpe:/a:debian:debian_linux:zsh |
| debian | debian_linux | zsh-common | p-cpe:/a:debian:debian_linux:zsh-common |
| debian | debian_linux | zsh-dev | p-cpe:/a:debian:debian_linux:zsh-dev |
| debian | debian_linux | zsh-doc | p-cpe:/a:debian:debian_linux:zsh-doc |
| debian | debian_linux | zsh-static | p-cpe:/a:debian:debian_linux:zsh-static |
| debian | debian_linux | 9.0 | cpe:/o:debian:debian_linux:9.0 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18206
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0502
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1071
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1083
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1100
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13259
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20044
lists.debian.org/debian-lts-announce/2020/12/msg00000.html
packages.debian.org/source/stretch/zsh
security-tracker.debian.org/tracker/source-package/zsh
Related
debian
debian
[SECURITY] [DLA 2470-1] zsh security update
2020-12-01 03:35:46
[SECURITY] [DLA 1335-1] zsh security update
2018-03-31 22:19:41
[SECURITY] [DLA 2117-1] zsh security update
2020-03-02 22:24:46
openvas
openvas
Debian LTS: Security Advisory for zsh (DLA-2470-1)
2020-12-02 00:00:00
openSUSE: Security Advisory for zsh (openSUSE-SU-2018:2966-1)
2018-10-03 00:00:00
Huawei EulerOS: Security Advisory for zsh (EulerOS-SA-2019-2235)
2020-01-23 00:00:00
osv
osv
zsh - security update
2020-11-30 00:00:00
zsh - security update
2018-03-31 00:00:00
CVE-2017-18206
2018-02-27 22:29:00
suse
suse
Security update for zsh (important)
2018-10-02 12:07:57
Security update for zsh (moderate)
2018-07-06 00:07:46
Security update for zsh (important)
2018-09-17 12:13:49
nessus
nessus
openSUSE Security Update : zsh (openSUSE-2018-1094)
2018-10-03 00:00:00
EulerOS 2.0 SP5 : zsh (EulerOS-SA-2019-2235)
2019-11-08 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Zsh vulnerabilities (USN-3764-1)
2018-09-12 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: zsh-5.4.1-4.fc27
2018-09-14 21:54:37
[SECURITY] Fedora 28 Update: zsh-5.5-1.fc28
2018-04-17 00:24:00
[SECURITY] Fedora 27 Update: zsh-5.4.1-3.fc27
2018-05-05 22:28:53
ubuntu
ubuntu
Zsh vulnerabilities
2018-09-11 00:00:00
Zsh vulnerabilities
2018-03-27 00:00:00
amazon
amazon
oraclelinux
oraclelinux
zsh security update
2018-06-25 00:00:00
zsh security and bug fix update
2018-11-05 00:00:00
zsh security and bug fix update
2019-08-13 00:00:00
centos
centos
zsh security update
2018-06-21 11:56:17
zsh security update
2018-11-15 18:54:22
zsh security update
2019-08-30 04:37:53
redhat
redhat
(RHSA-2018:1932) Moderate: zsh security update
2018-06-19 02:12:48
(RHSA-2018:3073) Moderate: zsh security and bug fix update
2018-10-30 04:16:11
(RHSA-2019:2017) Moderate: zsh security and bug fix update
2019-08-06 07:50:39
slackware
slackware
[slackware-security] zsh
2019-01-14 04:33:07
gentoo
gentoo
Zsh: User-assisted execution of arbitrary code
2019-03-10 00:00:00
Zsh: Multiple vulnerabilities
2018-05-26 00:00:00
Zsh: Privilege escalation
2020-03-25 00:00:00
archlinux
archlinux
[ASA-201809-3] zsh: insufficient validation
2018-09-24 00:00:00
[ASA-201804-5] zsh: arbitrary code execution
2018-04-11 00:00:00
mageia
mageia
Updated zsh packages fix security vulnerabilities
2018-04-20 20:24:13
Updated zsh packages fix security vulnerability
2020-02-29 16:42:35
debiancve
debiancve
cve
cve
redhatcve
redhatcve
ubuntucve
ubuntucve
veracode
veracode
Privilege Escalation
2019-05-16 03:01:47
Arbitrary Command Execution
2019-08-08 00:07:10
Arbitrary Code Execution
2020-12-06 03:34:15
prion
prion
Buffer overflow
2018-02-27 22:29:00
Design/Logic Flaw
2018-09-05 08:29:00
Command injection
2020-02-24 14:15:00
f5
f5
K000134672 : Zsh vulnerability CVE-2019-20044
2023-05-19 00:00:00
alpinelinux
alpinelinux
CVE-2019-20044
2020-02-24 14:15:00
rocky
rocky
zsh security update
2020-03-19 10:45:02
almalinux
almalinux
Important: zsh security update
2020-03-19 10:45:02