CVE-2018-1083

CVE-2018-1083

Name

CVE-2018-1083

Description

Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Patch	https://sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7
Issue Tracking	https://bugzilla.redhat.com/show_bug.cgi?id=1557382
Third Party Advisory	https://usn.ubuntu.com/3608-1/
Mailing List	https://lists.debian.org/debian-lts-announce/2018/03/msg00038.html
Third Party Advisory	http://www.securityfocus.com/bid/103572
Third Party Advisory	https://access.redhat.com/errata/RHSA-2018:1932
Third Party Advisory	https://security.gentoo.org/glsa/201805-10
Third Party Advisory	https://access.redhat.com/errata/RHSA-2018:3073
MLIST	https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html

Type

URI

Patch

https://sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7

Issue Tracking

https://bugzilla.redhat.com/show_bug.cgi?id=1557382

Third Party Advisory

https://usn.ubuntu.com/3608-1/

Mailing List

https://lists.debian.org/debian-lts-announce/2018/03/msg00038.html

Third Party Advisory

http://www.securityfocus.com/bid/103572