OpenSUSE Linux update for zsh
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2018-0502 CVE-2018-1071 CVE-2018-1083 CVE-2018-1100 CVE-2018-13259 |
| CWE-ID | CWE-862 CWE-121 CWE-120 |
| Exploitation vector | Local |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #5 is available. |
| Vulnerable software |
Opensuse Operating systems & Components / Operating system |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Authorization bypass
EUVDB-ID: #VU14702
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-0502
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to execute a program without proper authorization on the target system.
The vulnerability exists due to improper handling of the beginning of a shebang (#!) script file. A local attacker can execute a shebang script file that submits malicious input, pass content from the second line of the file to execve() and execute a program without proper authorization on the system.
MitigationUpdate the affected packages.
Opensuse: 42.3
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2018-10/msg00001.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Stack-based buffer overflow
EUVDB-ID: #VU12187
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-1071
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DOS condition on the target system.
The weakness exists in the exec.c:hashcmd() function due to stack-based buffer overflow. A local attacker can trigger memory corruption and cause the service to crash.
Update the affected packages.
Opensuse: 42.3
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2018-10/msg00001.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Buffer overflow
EUVDB-ID: #VU11349
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-1083
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists in the compctl.c source code file due to insufficient bounds checking on the PATH_MAX-sized buffer used for file completion candidates. A local attacker can create a malicious directory path, trick the victim into using the autocomplete functionality to traverse the path, trigger buffer overflow and execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update the affected packages.
Opensuse: 42.3
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2018-10/msg00001.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Stack-based buffer overflow
EUVDB-ID: #VU11771
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-1100
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker can trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
Opensuse: 42.3
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2018-10/msg00001.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Authorization bypass
EUVDB-ID: #VU14701
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-13259
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to execute a program without proper authorization on the target system.
The vulnerability exists due to improper truncating of shebang (#!) lines that exceed 64 characters. A local attacker can access the shell and submit a shebang line longer than 64 characters, cause the software to make an execve() call to a program name that is a substring of the intended one and execute a program without proper authorization on the system.
MitigationUpdate the affected packages.
Opensuse: 42.3
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2018-10/msg00001.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
