Buffer overflow in zsh - CVE-2018-1083
Published: March 30, 2018 / Updated: April 2, 2018
Vulnerability identifier: #VU11349
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-1083
CWE-ID: CWE-120
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: SourceForge
Affected software:
zsh
zsh
Detailed vulnerability description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists in the compctl.c source code file due to insufficient bounds checking on the PATH_MAX-sized buffer used for file completion candidates. A local attacker can create a malicious directory path, trick the victim into using the autocomplete functionality to traverse the path, trigger buffer overflow and execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists in the compctl.c source code file due to insufficient bounds checking on the PATH_MAX-sized buffer used for file completion candidates. A local attacker can create a malicious directory path, trick the victim into using the autocomplete functionality to traverse the path, trigger buffer overflow and execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
How to mitigate CVE-2018-1083
Update to version 5.4.2-test-1.