CVE-2018-1100

zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://access.redhat.com/errata/RHSA-2018:1932	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3073	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1563395	Issue Tracking Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html
https://security.gentoo.org/glsa/201805-10	Third Party Advisory
https://sourceforge.net/p/zsh/code/ci/31f72205630687c1cef89347863aab355296a27f/	Patch
https://usn.ubuntu.com/3764-1/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:zsh:zsh:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

Configuration 3 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

History

07 Nov 2023, 02:55

Type	Values Removed	Values Added
CWE	~~CWE-121~~

13 Feb 2023, 04:53

Type	Values Removed	Values Added
CWE	~~CWE-787~~	CWE-120 CWE-121
References	~~{'url': 'https://access.redhat.com/security/cve/CVE-2018-1100', 'name': 'https://access.redhat.com/security/cve/CVE-2018-1100', 'tags': [], 'refsource': 'MISC'}~~
Summary	A buffer overflow flaw was found in the zsh shell check path functionality. A local, unprivileged user can create a specially crafted message file, which, if used to set a custom "you have new mail" message, leads to code execution in the context of the user who receives the message. If the user affected is privileged, this leads to privilege escalation.	zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user.

02 Feb 2023, 21:18

Type	Values Removed	Values Added
References		(MISC) https://access.redhat.com/security/cve/CVE-2018-1100 -
Summary	zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user.	A buffer overflow flaw was found in the zsh shell check path functionality. A local, unprivileged user can create a specially crafted message file, which, if used to set a custom "you have new mail" message, leads to code execution in the context of the user who receives the message. If the user affected is privileged, this leads to privilege escalation.

Information

Published : 2018-04-11 19:29

Updated : 2023-12-10 12:30

NVD link : CVE-2018-1100

Mitre link : CVE-2018-1100

CVE.ORG link : CVE-2018-1100

JSON object : View

Products Affected

redhat

enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server

zsh

canonical

ubuntu_linux

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-787

Out-of-bounds Write

7.8 /10