Search criteria
2 vulnerabilities found for Zimbra Server by Synacor
CVE-2022-37393 (GCVE-0-2022-37393)
Vulnerability from cvelistv5 – Published: 2022-08-16 20:00 – Updated: 2024-09-17 00:45
VLAI?
Title
Zimbra zmslapd arbitrary module load
Summary
Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.
Severity ?
No CVSS data available.
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Synacor | Zimbra Server |
Affected:
9.0.0.p27 , ≤ 9.0.0.p27
(custom)
Affected: 8.8.15.p34 , ≤ 8.8.15.p34 (custom) |
Credits
Darren Martyn discovered and disclosed this vulnerability
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:21.022Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/16807"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zimbra Server",
"vendor": "Synacor",
"versions": [
{
"lessThanOrEqual": "9.0.0.p27",
"status": "affected",
"version": "9.0.0.p27",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.8.15.p34",
"status": "affected",
"version": "8.8.15.p34",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Darren Martyn discovered and disclosed this vulnerability"
}
],
"datePublic": "2021-10-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Zimbra\u0027s sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root."
}
],
"exploits": [
{
"lang": "en",
"value": "Exploit originally published by the discoverer: https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-16T20:00:19",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/16807"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Zimbra zmslapd arbitrary module load",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2021-10-27T21:00:00.000Z",
"ID": "CVE-2022-37393",
"STATE": "PUBLIC",
"TITLE": "Zimbra zmslapd arbitrary module load"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zimbra Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "9.0.0.p27",
"version_value": "9.0.0.p27"
},
{
"version_affected": "\u003c=",
"version_name": "8.8.15.p34",
"version_value": "8.8.15.p34"
}
]
}
}
]
},
"vendor_name": "Synacor"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Darren Martyn discovered and disclosed this vulnerability"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zimbra\u0027s sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Exploit originally published by the discoverer: https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rapid7/metasploit-framework/pull/16807",
"refsource": "MISC",
"url": "https://github.com/rapid7/metasploit-framework/pull/16807"
},
{
"name": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis",
"refsource": "MISC",
"url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"
},
{
"name": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/",
"refsource": "MISC",
"url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2022-37393",
"datePublished": "2022-08-16T20:00:19.211637Z",
"dateReserved": "2022-08-02T00:00:00",
"dateUpdated": "2024-09-17T00:45:31.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37393 (GCVE-0-2022-37393)
Vulnerability from nvd – Published: 2022-08-16 20:00 – Updated: 2024-09-17 00:45
VLAI?
Title
Zimbra zmslapd arbitrary module load
Summary
Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.
Severity ?
No CVSS data available.
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Synacor | Zimbra Server |
Affected:
9.0.0.p27 , ≤ 9.0.0.p27
(custom)
Affected: 8.8.15.p34 , ≤ 8.8.15.p34 (custom) |
Credits
Darren Martyn discovered and disclosed this vulnerability
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:21.022Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/16807"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zimbra Server",
"vendor": "Synacor",
"versions": [
{
"lessThanOrEqual": "9.0.0.p27",
"status": "affected",
"version": "9.0.0.p27",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.8.15.p34",
"status": "affected",
"version": "8.8.15.p34",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Darren Martyn discovered and disclosed this vulnerability"
}
],
"datePublic": "2021-10-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Zimbra\u0027s sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root."
}
],
"exploits": [
{
"lang": "en",
"value": "Exploit originally published by the discoverer: https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-16T20:00:19",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/16807"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Zimbra zmslapd arbitrary module load",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2021-10-27T21:00:00.000Z",
"ID": "CVE-2022-37393",
"STATE": "PUBLIC",
"TITLE": "Zimbra zmslapd arbitrary module load"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zimbra Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "9.0.0.p27",
"version_value": "9.0.0.p27"
},
{
"version_affected": "\u003c=",
"version_name": "8.8.15.p34",
"version_value": "8.8.15.p34"
}
]
}
}
]
},
"vendor_name": "Synacor"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Darren Martyn discovered and disclosed this vulnerability"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zimbra\u0027s sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Exploit originally published by the discoverer: https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rapid7/metasploit-framework/pull/16807",
"refsource": "MISC",
"url": "https://github.com/rapid7/metasploit-framework/pull/16807"
},
{
"name": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis",
"refsource": "MISC",
"url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"
},
{
"name": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/",
"refsource": "MISC",
"url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2022-37393",
"datePublished": "2022-08-16T20:00:19.211637Z",
"dateReserved": "2022-08-02T00:00:00",
"dateUpdated": "2024-09-17T00:45:31.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}