Security News > 2022 > October > Hackers Exploiting Unpatched RCE Flaw in Zimbra Collaboration Suite

Hackers Exploiting Unpatched RCE Flaw in Zimbra Collaboration Suite
2022-10-08 07:50

A severe remote code execution vulnerability in Zimbra's enterprise collaboration software and email platform is being actively exploited, with no patch currently available to remediate the issue.

While a fix is yet to be released, Zimbra is urging users to install the "Pax" utility and restart the Zimbra services.

"If the pax package is not installed, Amavis will fall-back to using cpio, unfortunately the fall-back is implemented poorly and will allow an unauthenticated attacker to create and overwrite files on the Zimbra server, including the Zimbra webroot," the company said last month.

"Since cpio has no mode where it can be securely used on untrusted files, the attacker can write to any path on the filesystem that the Zimbra user can access," Rapid7 researcher Ron Bowes said.

Zimbra said it expects the vulnerability to be addressed in the next Zimbra patch, which will remove the dependency on cpio and instead make pax a requirement.

Rapid7 also noted that CVE-2022-41352 is "Effectively identical" to CVE-2022-30333, a path traversal flaw in the Unix version of RARlab's unRAR utility which came to light earlier this June, the only difference being that the new flaw leverages CPIO and TAR archive formats instead of RAR. Even more troublingly, Zimbra is said to be further vulnerable to another zero-day privilege escalation flaw, which could be chained with the cpio zero-day to achieve remote root compromise of the servers.


News URL

https://thehackernews.com/2022/10/hackers-exploiting-unpatched-rce-flaw.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-09-26 CVE-2022-41352 Path Traversal vulnerability in Zimbra Collaboration 8.8.15/9.0.0
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0.
network
low complexity
zimbra CWE-22
critical
9.8
2022-05-09 CVE-2022-30333 Path Traversal vulnerability in multiple products
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file.
network
low complexity
rarlab debian CWE-22
7.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Zimbra 7 0 39 16 8 63