QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2019-20044

Back to search

CVE-2019-20044

Published: Feb 24, 2020

Modified: Aug 5, 2024

PUBLISHED

Description

In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().

VendorProductVersions

n/a

n/a

affected
n/a

References

FEDORA-2020-3f38f3e517
vendor-advisory
x_refsource_FEDORA
FEDORA-2020-9009363f0f
vendor-advisory
x_refsource_FEDORA
GLSA-202003-55
vendor-advisory
x_refsource_GENTOO
20200529 APPLE-SA-2020-05-26-5 watchOS 6.2.5
mailing-list
x_refsource_FULLDISC
20200529 APPLE-SA-2020-05-26-4 tvOS 13.4.5
mailing-list
x_refsource_FULLDISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now