CVE-2014-10070

Ubuntu Security Notice USN-3593-1

Severity Score

7.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation contexts when the environment has not been properly sanitized, such as when zsh is invoked by sudo on systems where "env_reset" has been disabled.

zsh, en versiones anteriores a la 5.0.7, permite la evaluación de los valores- iniciales de las variables de enteros importadas del entorno (en lugar de tratarlas como números literales). Esto podría permitir el escalado de privilegios local, bajo ciertas condiciones específicas y atípicas, cuando zsh se está invocando en contextos de elevación de privilegios en los que el entorno no se ha saneado correctamente, como cuando zsh se invoca en sistemas en los que se ha deshabilitado "env_reset".

It was discovered that Zsh incorrectly handled certain environment variables. An attacker could possibly use this issue to gain privileged access to the system. This issue only affected Ubuntu 14.04 LTS. It was discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-02-27 CVE Reserved
2018-02-27 CVE Published
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (3)

URL	Tag	Source
http://zsh.sourceforge.net/releases.html	Release Notes

URL	Date	SRC

URL	Date	SRC
https://sourceforge.net/p/zsh/code/ci/546203a770cec329e73781c3c8ab1078390aee72	2018-03-21

URL	Date	SRC
https://usn.ubuntu.com/3593-1	2018-03-21

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Zsh Project Search vendor "Zsh Project"		Zsh Search vendor "Zsh Project" for product "Zsh"				<= 5.0.6 Search vendor "Zsh Project" for product "Zsh" and version " <= 5.0.6"		-		Affected