{
  "threat_severity" : "Important",
  "public_date" : "2020-02-16T00:00:00Z",
  "bugzilla" : {
    "description" : "zsh: insecure dropping of privileges when unsetting PRIVILEGED option",
    "id" : "1804859",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1804859"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-271",
  "details" : [ "In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().", "A flaw was found in zsh. When unsetting the PRIVILEGED option, the shell sets its effective user and group IDs to match their respective real IDs. When the RUID and EUID were both non-zero, it was possible to regain the shell's former privileges. Also, the setopt built-in did not correctly report errors when unsetting the option, which prevented users from handling them as the documentation recommended. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2020-03-18T00:00:00Z",
    "advisory" : "RHSA-2020:0892",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "zsh-0:4.3.11-11.el6_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2020-03-17T00:00:00Z",
    "advisory" : "RHSA-2020:0853",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "zsh-0:5.0.2-34.el7_7.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-03-19T00:00:00Z",
    "advisory" : "RHSA-2020:0903",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "zsh-0:5.5.1-6.el8_1.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-03-19T00:00:00Z",
    "advisory" : "RHSA-2020:0903",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "zsh-0:5.5.1-6.el8_1.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions",
    "release_date" : "2020-03-26T00:00:00Z",
    "advisory" : "RHSA-2020:0978",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.0",
    "package" : "zsh-0:5.5.1-6.el8_0.2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Out of support scope",
    "package_name" : "zsh",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-20044\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-20044\nhttp://zsh.sourceforge.net/releases.html" ],
  "name" : "CVE-2019-20044",
  "csaw" : false
}