Script Execution Flaw in Z Shell Affects Multiple Versions
CVE-2018-0502

9.8CRITICAL

Key Information:

Vendor: Canonical
Status: Zsh Before 5.6
Vendor: CVE Published:; 5 September 2018

Summary

A vulnerability exists in Z Shell that mishandles the beginning of a #! script file. This flaw may lead to an unintended execve call to a program specified on the second line of such a script, which could allow unauthorized commands to be executed.

Affected Version(s)

zsh before 5.6 zsh before 5.6

References

https://bugs.debian.org/908000

x_refsource_MISC

https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df02...

x_refsource_MISC

https://www.zsh.org/mla/zsh-announce/136

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 5, 2018
Vulnerability Reserved
Nov 27, 2017