Bug 1549287 (CVE-2014-10070)
| Field | Value |
|---|---|
| Summary | CVE-2014-10070 zsh: privilege escalation via environment variables |
| Product | [Other] Security Response |
| Component | vulnerability |
| Reporter | Pedro Sampaio <psampaio> |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED WONTFIX |
| Severity | low |
| Priority | low |
| Version | unspecified |
| CC | dmaphy, james.antill, j, kdudka, rcosta, svashisht |
| Keywords | Security |
| Hardware | All |
| OS | Linux |
| Fixed In Version | zsh 5.0.7 |
| Last Closed | 2018-03-13 17:07:51 UTC |
| Bug Depends On | 1549288, 1549290 |
| Bug Blocks | 1549289 |

Description
Pedro Sampaio
2018-02-26 21:47:08 UTC
Created zsh tracking bugs for this issue:

Affects: fedora-all [bug 1549288]

Mitigation:

Don't allow environment variables 'OPTIND' and 'TRY_BLOCK_ERROR' to be inherited by shells called through zsh. Mitigated by default on Red Hat Enterprise Linux versions 5, 6 and 7, since this is the default configuration on those versions.

Statement:

Red Hat Product Security has rated this issue as having security impact of Low. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.