12 matches found
Astra Linux – Vulnerability in zsh
In Zsh before version 5.8, attackers who were able to execute commands could regain privileges lost due to the --no-PRIVILEGED option. Zsh failed to overwrite the saved user ID, so the original privileges could be restored by executing MODULEPATH=/dir/with/module zmodload with a module that calls...
DEBIAN-CVE-2019-20044
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULEPATH=/dir/with/module zmodload with a module that calls setuid...
ALPINE-CVE-2019-20044
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULEPATH=/dir/with/module zmodload with a module that calls setuid...
UBUNTU-CVE-2019-20044
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULEPATH=/dir/with/module zmodload with a module that calls setuid...
openSUSE Security Update : zsh (openSUSE-2019-501)
This update for zsh to version 5.5 fixes the following issues : Security issues fixed : - CVE-2018-1100: Fixes a buffer overflow in utils.c:checkmailpath that can lead to local arbitrary code execution bsc1089030 - CVE-2018-1071: Fixed a stack-based buffer overflow in exec.c:hashcmd bsc1084656 -...
openSUSE: Security Advisory for zsh (openSUSE-SU-2018:1893-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : zsh (openSUSE-2018-1094)
This update for zsh to version 5.6.2 fixes the following issues : These security issues were fixed : - CVE-2018-0502: The beginning of a ! script file was mishandled, potentially leading to an execve call to a program named on the second line bsc1107296 - CVE-2018-13259: Shebang lines exceeding 6...
Security update for zsh (important)
This update for zsh to version 5.6.2 fixes the following issues: These security issues were fixed: - CVE-2018-0502: The beginning of a ! script file was mishandled, potentially leading to an execve call to a program named on the second line bsc1107296 - CVE-2018-13259: Shebang lines exceeding 64...
openSUSE Security Update : zsh (openSUSE-2018-699)
This update for zsh to version 5.5 fixes the following issues : Security issues fixed : - CVE-2018-1100: Fixes a buffer overflow in utils.c:checkmailpath that can lead to local arbitrary code execution bsc1089030 - CVE-2018-1071: Fixed a stack-based buffer overflow in exec.c:hashcmd bsc1084656 -...
Security update for zsh (moderate)
This update for zsh to version 5.5 fixes the following issues: Security issues fixed: - CVE-2018-1100: Fixes a buffer overflow in utils.c:checkmailpath that can lead to local arbitrary code execution bsc1089030 - CVE-2018-1071: Fixed a stack-based buffer overflow in exec.c:hashcmd bsc1084656 -...
Unix Command Shell, Bind TCP (via Zsh)
Listen for a connection and spawn a command shell via Zsh. Note: Although Zsh is often available, please be aware it isn't usually installed by default. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module...
Unix Command Shell, Reverse TCP (via Zsh)
Connect back and create a command shell via Zsh. Note: Although Zsh is often available, please be aware it isn't usually installed by default. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule...