FS#58196 - [zsh]: CVE-2018-1100: buffer overflow in utils.c:checkmailpath() can lead to local arbitrary code ex
Attached to Project:
Arch Linux
Opened by Karol Babioch (kbabioch) - Wednesday, 11 April 2018, 07:38 GMT
Last edited by Doug Newgard (Scimmia) - Wednesday, 11 April 2018, 14:30 GMT
Opened by Karol Babioch (kbabioch) - Wednesday, 11 April 2018, 07:38 GMT
Last edited by Doug Newgard (Scimmia) - Wednesday, 11 April 2018, 14:30 GMT
|
Details
zsh through version 5.4.2 is vulnerable to a stack-based
buffer overflow in the utils.c:checkmailpath function. A
local attacker could exploit this to execute arbitrary code
in the context of another user.
References: https://bugzilla.redhat.com/show_bug.cgi?id=1563395 https://sourceforge.net/p/zsh/code/ci/31f72205630687c1cef89347863aab355296a27f/ |
This task depends upon
Closed by Doug Newgard (Scimmia)
Wednesday, 11 April 2018, 14:30 GMT
Reason for closing: Not a bug
Additional comments about closing: 5.5 was updated in the repos 2 days ago
Wednesday, 11 April 2018, 14:30 GMT
Reason for closing: Not a bug
Additional comments about closing: 5.5 was updated in the repos 2 days ago