CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 4.6 Medium
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.0004 Low
Percentile: 5.2%

zsh before 5.0.7 allows evaluation of the initial values of integer
variables imported from the environment (instead of treating them as
literal numbers). That could allow local privilege escalation, under some
specific and atypical conditions where zsh is being invoked in
privilege-elevation contexts when the environment has not been properly
sanitized, such as when zsh is invoked by sudo on systems where “env_reset”
has been disabled.
zsh.sourceforge.net/releases.html
launchpad.net/bugs/cve/CVE-2014-10070
nvd.nist.gov/vuln/detail/CVE-2014-10070
security-tracker.debian.org/tracker/CVE-2014-10070
sourceforge.net/p/zsh/code/ci/546203a770cec329e73781c3c8ab1078390aee72
ubuntu.com/security/notices/USN-3593-1
www.cve.org/CVERecord?id=CVE-2014-10070