OpenSUSE Linux update for zsh

1) Authorization bypass

EUVDB-ID: #VU14702

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-0502

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a local attacker to execute a program without proper authorization on the target system.

The vulnerability exists due to improper handling of the beginning of a shebang (#!) script file. A local attacker can execute a shebang script file that submits malicious input, pass content from the second line of the file to execve() and execute a program without proper authorization on the system. 

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 42.3

External links

http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00001.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Stack-based buffer overflow

EUVDB-ID: #VU12187

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1071

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DOS condition on the target system.

The weakness exists in the exec.c:hashcmd() function due to stack-based buffer overflow. A local attacker can trigger memory corruption and cause the service to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 42.3

External links

http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00001.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU11349

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1083

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists in the compctl.c source code file due to insufficient bounds checking on the PATH_MAX-sized buffer used for file completion candidates. A local attacker can create a malicious directory path, trick the victim into using the autocomplete functionality to traverse the path, trigger buffer overflow and execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 42.3

External links

http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00001.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Stack-based buffer overflow

EUVDB-ID: #VU11771

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1100

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker can trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 42.3

External links

http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00001.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Authorization bypass

EUVDB-ID: #VU14701

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-13259

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a local attacker to execute a program without proper authorization on the target system.

The vulnerability exists due to improper truncating of shebang (#!) lines that exceed 64 characters. A local attacker can access the shell and submit a shebang line longer than 64 characters, cause the software to make an execve() call to a program name that is a substring of the intended one and execute a program without proper authorization on the system.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 42.3

External links

http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00001.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.