Security News > 2022 > October > Hackers exploiting unpatched RCE bug in Zimbra Collaboration Suite
Hackers are actively exploiting an unpatched remote code execution vulnerability in Zimbra Collaboration Suite, a widely deployed web client and email server.
Zimbra released a security advisory on September 14 warning system administrators to install Pax, a portable archiving utility, and restart their Zimbra servers so that Pax replaces cpio, the vulnerable component.
"If the pax package is not installed, Amavis will fall-back to using cpio, unfortunately the fall-back is implemented poorly and will allow an unauthenticated attacker to create and overwrite files on the Zimbra server, including the Zimbra webroot," warned the September security advisory.
Even worse, tests conducted by Rapid7 show that many Linux distributions officially supported by Zimbra still do not install Pax by default, making these installations vulnerable to the bug.
"In addition to this cpio 0-day vulnerability, Zimbra also suffers from a 0-day privilege escalation vulnerability, which has a Metasploit module. That means that this 0-day in cpio can lead directly to a remote root compromise of Zimbra Collaboration Suite servers," further warn the researchers.
Zimbra plans to mitigate this issue decisively by deprecating cpio and making Pax a prerequisite for Zimbra Collaboration Suite, thus enforcing its use.
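Until Pax is a hard prerequisite, administrators can check whether a server would still take the cpio fall-back the advisory describes. The script below is an added example, not code from Zimbra or Rapid7; the function names and status strings are hypothetical, and it assumes Amavis locates pax and cpio through the executable search path of the account it runs under.

```shell
#!/bin/sh
# Added example: report whether a host would fall back to cpio.
# Assumption: the mail filter finds pax/cpio via the search path of its
# own account, so run this as that account (or pass its PATH explicitly).

# find_tool NAME SEARCH_PATH
# Prints the first executable regular file called NAME found in the
# colon-separated SEARCH_PATH; returns 1 when there is none.
find_tool() {
    name=$1
    rest=$2:
    while [ -n "$rest" ]; do
        dir=${rest%%:*}      # next directory in the list
        rest=${rest#*:}      # remainder of the list
        if [ -n "$dir" ] && [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
            return 0
        fi
    done
    return 1
}

# cpio_fallback_status SEARCH_PATH
# OK            pax is present, so the cpio fall-back is not taken
# EXPOSED       pax is missing and cpio is present (the advisory's case)
# NO_EXTRACTOR  neither tool was found
cpio_fallback_status() {
    if find_tool pax "$1" >/dev/null; then
        echo OK
    elif find_tool cpio "$1" >/dev/null; then
        echo EXPOSED
    else
        echo NO_EXTRACTOR
    fi
}

# Stand-alone use: evaluate the current account's search path.
status=$(cpio_fallback_status "$PATH")
echo "cpio fall-back status: $status"
if [ "$status" = EXPOSED ]; then
    echo "Install the pax package, then restart Zimbra as the advisory instructs."
fi
```

A status of OK only shows that pax is on disk; per the advisory, the Zimbra services must also be restarted after installing it.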