SB2018100203 - OpenSUSE Linux update for zsh 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018100203

SB2018100203 - OpenSUSE Linux update for zsh

Published: October 2, 2018 Updated: October 5, 2018

Security Bulletin ID SB2018100203
Severity
Low
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Authorization bypass (CVE-ID: CVE-2018-0502)

The vulnerability allows a local attacker to execute a program without proper authorization on the target system.

The vulnerability exists due to improper handling of the beginning of a shebang (#!) script file. A local attacker can execute a shebang script file that submits malicious input, pass content from the second line of the file to execve() and execute a program without proper authorization on the system. 


2) Stack-based buffer overflow (CVE-ID: CVE-2018-1071)

The vulnerability allows a local attacker to cause DOS condition on the target system.

The weakness exists in the exec.c:hashcmd() function due to stack-based buffer overflow. A local attacker can trigger memory corruption and cause the service to crash.

3) Buffer overflow (CVE-ID: CVE-2018-1083)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists in the compctl.c source code file due to insufficient bounds checking on the PATH_MAX-sized buffer used for file completion candidates. A local attacker can create a malicious directory path, trick the victim into using the autocomplete functionality to traverse the path, trigger buffer overflow and execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

4) Stack-based buffer overflow (CVE-ID: CVE-2018-1100)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker can trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


5) Authorization bypass (CVE-ID: CVE-2018-13259)

The vulnerability allows a local attacker to execute a program without proper authorization on the target system.

The vulnerability exists due to improper truncating of shebang (#!) lines that exceed 64 characters. A local attacker can access the shell and submit a shebang line longer than 64 characters, cause the software to make an execve() call to a program name that is a substring of the intended one and execute a program without proper authorization on the system.


Remediation

Install update from vendor's website.

References