Zimbra Desktop FAQ for general and troubleshooting questions

In addition to the pre-defined system folders such as Inbox, Sent, and Trash, you can create custom folders. Custom folders can be created inside other folders, including the system folders. You cannot create two folders with the same name within the same parent folder. For example, you cannot have two folders named "Shopping" under your Inbox folder, but you can have one folder named "Shopping" under your Inbox folder, and another one with the same name under the Sent folder.

In the Mail tab click Folders in the Overview pane. Click Folders to have the folder at the top level or choose a location from the list of existing folders. Your new folder is placed within the selected folder. To create a folder tied to an RSS or ATOM feed, check Subscribe to RSS/ATOM feed, then enter a URL.

On September 10, 2022, a user reported on Zimbra’s official forums that their team detected a security incident originating from a fully patched instance of Zimbra. The details they provided allowed Zimbra to confirm that an unknown vulnerability allowed attackers to upload arbitrary files to up-to-date servers. At the moment, Zimbra has released a patch and shared its installation steps. In addition, manual mitigation steps can be undertaken by system administrators to prevent successful exploitation (see below). Kaspersky investigated the threat and was able to confirm that unknown APT groups have actively been exploiting this vulnerability in the wild, one of which is systematically infecting all vulnerable servers in Central Asia.

On October 7, 2022, a proof of concept for this vulnerability was added to the Metasploit framework, laying the groundwork for massive and global exploitation from even low-sophistication attackers.

The vulnerability affects a component of the Zimbra suite called Amavis, and more specifically the cpio utility it uses to extract archives. The underlying cause is another vulnerability (CVE-2015-1197) in cpio, for which a fix is available. Inexplicably, distribution maintainers appear to have reverted the patch and use a vulnerable version instead. This creates a large attack surface where any software relying on cpio might in theory be leveraged to take over the system. CVE-2015-1197 is a directory traversal vulnerability: extracting specially crafted archives containing symbolic links can cause files to be placed at an arbitrary location in the file system.

In the context of CVE-2022-41352, the exploitation scenario unfolds as follows:

1. An attacker sends an e-mail with a malicious Tar archive attached.
2. On receiving the e-mail, Zimbra submits it to Amavis for spam and malware inspection.
3. Amavis analyzes the e-mail attachments and inspects the contents of the attached archive. It invokes cpio and CVE-2015-1197 is triggered.
4. During the extraction, a JSP webshell is deployed on one of the public directories used by the webmail component. The attacker can browse to the webshell to start executing arbitrary commands on the victim machine.

Since Zimbra released a patch for this vulnerability, the best course of action is to update your devices immediately. If this for some reason is not possible, installing pax on the machine hosting the Zimbra installation will prevent the vulnerability from being exploitable. pax is available from package managers (such as apt and yum) of all major Linux distributions.

Among all Linux variants officially supported by Zimbra, only Ubuntu installs pax by default and is therefore not affected by CVE-2022-41352.
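For defenders who want to triage quarantined attachments, the following added example (not code from this article, Zimbra or Amavis) lists a Tar archive's members without extracting them and flags the symbolic-link pattern behind CVE-2015-1197. It goes slightly beyond the text by also flagging absolute and `..` member paths; the function names and the sample archive are constructed for illustration.

```python
import io
import posixpath
import tarfile


def audit_tar(data: bytes) -> list[str]:
    """List members that could be written outside the extraction root (no extraction)."""
    findings = []
    links = set()  # archive paths already declared as symbolic links
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for m in tar:
            name = posixpath.normpath(m.name)
            parts = name.split("/")
            if name.startswith("/") or ".." in parts:
                findings.append(f"{m.name}: path escapes the extraction root")
            # A member stored beneath an earlier symlink lands wherever that link
            # points; flagged conservatively even if the link stays inside the root.
            for i in range(1, len(parts)):
                prefix = "/".join(parts[:i])
                if prefix in links:
                    findings.append(f"{m.name}: written through symlink {prefix}")
                    break
            if m.issym():
                target = posixpath.normpath(
                    posixpath.join(posixpath.dirname(name), m.linkname))
                if (m.linkname.startswith("/") or target == ".."
                        or target.startswith("../")):
                    findings.append(
                        f"{m.name}: symlink to {m.linkname} leaves the extraction root")
                links.add(name)
    return findings


def sample_archive(with_link: bool) -> bytes:
    """Constructed sample input: a tiny tar built in memory, nothing touches disk."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        if with_link:
            link = tarfile.TarInfo("docs")
            link.type = tarfile.SYMTYPE
            link.linkname = "/tmp/constructed-outside"  # placeholder target
            tar.addfile(link)
        body = b"hello"
        info = tarfile.TarInfo("docs/note.txt")
        info.size = len(body)
        tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


if __name__ == "__main__":
    for finding in audit_tar(sample_archive(with_link=True)):
        print(finding)
```

A non-empty result means the archive should not be handed to an unpatched extractor; hard links are not covered by this check.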