zsh 64-Character Shebang Lines execve() Call Vulnerability

September 7, 2018 2:16 am

A vulnerability in zsh could allow a local attacker to execute a program without proper authorization on a targeted system.

The vulnerability exists because the affected software improperly truncates shebang (#!) lines that exceed 64 characters. An attacker could exploit this vulnerability by accessing the shell and submitting a shebang line longer than 64 characters to a targeted system. A successful exploit could cause the software to make an execve() call to a program name that is a substring of the intended one, which could allow the attacker to execute a program without proper authorization on the system.
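
The audit check below is an added example, not part of the original advisory or of the zsh project: it flags script files whose shebang line is longer than 64 characters and reports the interpreter path that would remain after truncation. It assumes the limit counts the whole first line including the leading `#!`; the function names and script name are illustrative.

```shell
#!/bin/sh
# Added example: flag scripts whose shebang line exceeds 64 characters.
# Assumption (not stated in the advisory): the limit counts the whole
# first line, including the leading "#!".
LIMIT=64

# Print the first line of file $1 if it starts with "#!", else fail.
shebang_line() {
    first=$(dd if="$1" bs=512 count=1 2>/dev/null | tr -d '\000' | head -n 1)
    case $first in
        '#!'*) printf '%s\n' "$first" ;;
        *) return 1 ;;
    esac
}

# Print the interpreter path named by shebang line $1 (first word after "#!").
interp_of() {
    printf '%s\n' "$1" | sed -e 's/^#![[:space:]]*//' -e 's/[[:space:]].*$//'
}

# Print a finding for file $1 if its shebang line is over the limit.
check_script() {
    line=$(shebang_line "$1") || return 0
    [ "${#line}" -gt "$LIMIT" ] || return 0
    full=$(interp_of "$line")
    short=$(interp_of "$(printf '%s\n' "$line" | cut -c1-"$LIMIT")")
    if [ "$full" != "$short" ]; then
        printf '%s: %d-char shebang; "%s" would be cut to "%s"\n' \
            "$1" "${#line}" "$full" "$short"
    else
        printf '%s: %d-char shebang; interpreter arguments would be cut\n' \
            "$1" "${#line}"
    fi
}

# Usage (script name is hypothetical): sh shebang-audit.sh /usr/local/bin/*
for f in "$@"; do
    check_script "$f"
done
```

Any file it reports should have its shebang shortened, for example by pointing it at a shorter interpreter path, until the updated zsh is installed.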

Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.

The vendor has confirmed the vulnerability and released software updates.

Security Impact Rating: Low

CVE: CVE-2018-13259
