Amazon Linux AMI update for zsh



Published: 2018-12-07
Risk Low
Patch available YES
Number of vulnerabilities 8
CVE-ID CVE-2018-1100
CVE-2018-1071
CVE-2017-18205
CVE-2017-18206
CVE-2014-10071
CVE-2018-7549
CVE-2014-10072
CVE-2018-1083
CWE-ID CWE-121
CWE-476
CWE-120
CWE-20
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe 		Amazon Linux AMI
Operating systems & Components / Operating system

Vendor Amazon Web Services

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

1) Stack-based buffer overflow

EUVDB-ID: #VU11771

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1100

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker can trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.

i686:
    zsh-5.0.2-31.17.amzn1.i686
    zsh-html-5.0.2-31.17.amzn1.i686
    zsh-debuginfo-5.0.2-31.17.amzn1.i686

src:
    zsh-5.0.2-31.17.amzn1.src

x86_64:
    zsh-5.0.2-31.17.amzn1.x86_64
    zsh-debuginfo-5.0.2-31.17.amzn1.x86_64
    zsh-html-5.0.2-31.17.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1107.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Stack-based buffer overflow

EUVDB-ID: #VU12187

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1071

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DOS condition on the target system.

The weakness exists in the exec.c:hashcmd() function due to stack-based buffer overflow. A local attacker can trigger memory corruption and cause the service to crash.

Mitigation

Update the affected packages.

i686:
    zsh-5.0.2-31.17.amzn1.i686
    zsh-html-5.0.2-31.17.amzn1.i686
    zsh-debuginfo-5.0.2-31.17.amzn1.i686

src:
    zsh-5.0.2-31.17.amzn1.src

x86_64:
    zsh-5.0.2-31.17.amzn1.x86_64
    zsh-debuginfo-5.0.2-31.17.amzn1.x86_64
    zsh-html-5.0.2-31.17.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1107.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) NULL pointer dereference

EUVDB-ID: #VU10869

Risk: Low

CVSSv3.1: 3.5 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-18205

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local unauthenticated attacker to cause DoS condition on the target system.

The weakness exists due to a NULL pointer dereference when processing a cd command while in sh compatibility mode. A local attacker can cause the service to crash.

Mitigation

Update the affected packages.

i686:
    zsh-5.0.2-31.17.amzn1.i686
    zsh-html-5.0.2-31.17.amzn1.i686
    zsh-debuginfo-5.0.2-31.17.amzn1.i686

src:
    zsh-5.0.2-31.17.amzn1.src

x86_64:
    zsh-5.0.2-31.17.amzn1.x86_64
    zsh-debuginfo-5.0.2-31.17.amzn1.x86_64
    zsh-html-5.0.2-31.17.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1107.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Buffer overflow

EUVDB-ID: #VU10855

Risk: Low

CVSSv3.1: 3.5 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-18206

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the utils.c source code file due to insufficient checks on buffer lengths for symlink expansion. A local attacker can send specially crafted input, trigger memory corruption and cause the service to crash.

Mitigation

Update the affected packages.

i686:
    zsh-5.0.2-31.17.amzn1.i686
    zsh-html-5.0.2-31.17.amzn1.i686
    zsh-debuginfo-5.0.2-31.17.amzn1.i686

src:
    zsh-5.0.2-31.17.amzn1.src

x86_64:
    zsh-5.0.2-31.17.amzn1.x86_64
    zsh-debuginfo-5.0.2-31.17.amzn1.x86_64
    zsh-html-5.0.2-31.17.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1107.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Buffer overflow

EUVDB-ID: #VU10871

Risk: Low

CVSSv3.1: 3.5 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-10071

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the exec.c source code file due to buffer overflow. A local attacker can send long file descriptors (fds), in the >& fd syntax, trigger memory corruption and cause the service to crash.

Mitigation

Update the affected packages.

i686:
    zsh-5.0.2-31.17.amzn1.i686
    zsh-html-5.0.2-31.17.amzn1.i686
    zsh-debuginfo-5.0.2-31.17.amzn1.i686

src:
    zsh-5.0.2-31.17.amzn1.src

x86_64:
    zsh-5.0.2-31.17.amzn1.x86_64
    zsh-debuginfo-5.0.2-31.17.amzn1.x86_64
    zsh-html-5.0.2-31.17.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1107.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper input validation

EUVDB-ID: #VU10856

Risk: Low

CVSSv3.1: 3.5 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-7549

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the params.c source code file due to improper handling of hash tables. A local attacker can copy an empty hash table with the typeset -p command and cause the service to crash.

Mitigation

Update the affected packages.

i686:
    zsh-5.0.2-31.17.amzn1.i686
    zsh-html-5.0.2-31.17.amzn1.i686
    zsh-debuginfo-5.0.2-31.17.amzn1.i686

src:
    zsh-5.0.2-31.17.amzn1.src

x86_64:
    zsh-5.0.2-31.17.amzn1.x86_64
    zsh-debuginfo-5.0.2-31.17.amzn1.x86_64
    zsh-html-5.0.2-31.17.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1107.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

EUVDB-ID: #VU10874

Risk: Low

CVSSv3.1: 3.5 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-10072

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a local unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in the utils.c source code file due to buffer overflow. A local attacker can trigger memory corruption and cause the service to crash.

Mitigation

Update the affected packages.

i686:
    zsh-5.0.2-31.17.amzn1.i686
    zsh-html-5.0.2-31.17.amzn1.i686
    zsh-debuginfo-5.0.2-31.17.amzn1.i686

src:
    zsh-5.0.2-31.17.amzn1.src

x86_64:
    zsh-5.0.2-31.17.amzn1.x86_64
    zsh-debuginfo-5.0.2-31.17.amzn1.x86_64
    zsh-html-5.0.2-31.17.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1107.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Buffer overflow

EUVDB-ID: #VU11349

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1083

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists in the compctl.c source code file due to insufficient bounds checking on the PATH_MAX-sized buffer used for file completion candidates. A local attacker can create a malicious directory path, trick the victim into using the autocomplete functionality to traverse the path, trigger buffer overflow and execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update the affected packages.

i686:
    zsh-5.0.2-31.17.amzn1.i686
    zsh-html-5.0.2-31.17.amzn1.i686
    zsh-debuginfo-5.0.2-31.17.amzn1.i686

src:
    zsh-5.0.2-31.17.amzn1.src

x86_64:
    zsh-5.0.2-31.17.amzn1.x86_64
    zsh-debuginfo-5.0.2-31.17.amzn1.x86_64
    zsh-html-5.0.2-31.17.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1107.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###