vulnerability
Oracle Solaris 11: CVE-2014-10070: Vulnerability in KornShell, Zsh Shell
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:N/C:P/I:P/A:P) | Feb 27, 2018 | Jun 18, 2018 | Feb 17, 2022 |
Severity
5
CVSS
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published
Feb 27, 2018
Added
Jun 18, 2018
Modified
Feb 17, 2022
Description
zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation contexts when the environment has not been properly sanitized, such as when zsh is invoked by sudo on systems where "env_reset" has been disabled.
Solutions
oracle-solaris-11-2-upgrade-shell-zsh-5-0-7-0-175-2-6-0-2-0oracle-solaris-11-4-upgrade-developer-astdev93-93-21-1-20120801-11-4-24-0-1-75-1oracle-solaris-11-4-upgrade-shell-ksh93-93-21-1-20120801-11-4-24-0-1-75-1oracle-solaris-11-4-upgrade-shell-zsh-5-6-2-11-4-4-0-1-3-0oracle-solaris-11-4-upgrade-source-demo-ksh93-93-21-1-20120801-11-4-24-0-1-75-1
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.