cvelistv5 - cve-2022-37393

CVE-2022-37393 (GCVE-0-2022-37393)

Vulnerability from cvelistv5 – Published: 2022-08-16 20:00 – Updated: 2024-09-17 00:45

Summary

Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.

Severity ?

No CVSS data available.

CWE

CWE-284 - Improper Access Control

Assigner

rapid7

References

URL

Tags

	https://github.com/rapid7/metasploit-framework/pu…	x_refsource_MISC
	https://attackerkb.com/topics/92AeLOE1M1/cve-2022…	x_refsource_MISC
	https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Synacor	Zimbra Server	Affected: 9.0.0.p27 , ≤ 9.0.0.p27 (custom) Affected: 8.8.15.p34 , ≤ 8.8.15.p34 (custom)

Credits

Darren Martyn discovered and disclosed this vulnerability

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:29:21.022Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/rapid7/metasploit-framework/pull/16807"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Zimbra Server",
          "vendor": "Synacor",
          "versions": [
            {
              "lessThanOrEqual": "9.0.0.p27",
              "status": "affected",
              "version": "9.0.0.p27",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.8.15.p34",
              "status": "affected",
              "version": "8.8.15.p34",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Darren Martyn discovered and disclosed this vulnerability"
        }
      ],
      "datePublic": "2021-10-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Zimbra\u0027s sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Exploit originally published by the discoverer: https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284 Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-16T20:00:19",
        "orgId": "9974b330-7714-4307-a722-5648477acda7",
        "shortName": "rapid7"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rapid7/metasploit-framework/pull/16807"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Zimbra zmslapd arbitrary module load",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@rapid7.com",
          "DATE_PUBLIC": "2021-10-27T21:00:00.000Z",
          "ID": "CVE-2022-37393",
          "STATE": "PUBLIC",
          "TITLE": "Zimbra zmslapd arbitrary module load"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Zimbra Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "9.0.0.p27",
                            "version_value": "9.0.0.p27"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "8.8.15.p34",
                            "version_value": "8.8.15.p34"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Synacor"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Darren Martyn discovered and disclosed this vulnerability"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zimbra\u0027s sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Exploit originally published by the discoverer: https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-284 Improper Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/rapid7/metasploit-framework/pull/16807",
              "refsource": "MISC",
              "url": "https://github.com/rapid7/metasploit-framework/pull/16807"
            },
            {
              "name": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis",
              "refsource": "MISC",
              "url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"
            },
            {
              "name": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/",
              "refsource": "MISC",
              "url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
    "assignerShortName": "rapid7",
    "cveId": "CVE-2022-37393",
    "datePublished": "2022-08-16T20:00:19.211637Z",
    "dateReserved": "2022-08-02T00:00:00",
    "dateUpdated": "2024-09-17T00:45:31.181Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"144C9B35-9A82-4A47-82E3-0E0CA71E0C7A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.7.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"01379F5C-0157-4880-913A-67729D63E970\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.7.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AFD06515-D376-4788-A9E6-5531D08BFDD6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.7.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2C68411C-B094-4895-9AF9-C7FFA9479D0E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.7.11:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5D00519-8429-4C8F-A455-F5DD246D4009\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.7.11:p1:*:*:*:*:*:*\", \"matchCriteriaId\": \"519F4C15-811A-4A76-A7F4-251E17DCA7B0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.7.11:p10:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8961767-9B1D-4AF6-A014-9770FF925FE5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.7.11:p11:*:*:*:*:*:*\", \"matchCriteriaId\": \"56736F6C-E472-4D81-A4DF-7B4D7D3F4232\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.7.11:p12:*:*:*:*:*:*\", \"matchCriteriaId\": \"E7802EA0-016C-432B-9C57-BD75817CCA49\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.7.11:p13:*:*:*:*:*:*\", \"matchCriteriaId\": \"45760766-95FA-485A-BB1F-76CC78D2BB47\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.7.11:p14:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5B0658C-9278-4078-8DB7-D4A693B4B5F3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.7.11:p15:*:*:*:*:*:*\", \"matchCriteriaId\": \"649EA6F7-1A0B-4B68-AD00-364F85734CF1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.7.11:p2:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F9A281D-09CC-4AFA-9854-D6228C73271B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.7.11:p3:*:*:*:*:*:*\", \"matchCriteriaId\": \"508EC887-BD57-4CD8-B6FC-453212684641\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.7.11:p4:*:*:*:*:*:*\", \"matchCriteriaId\": \"52FCDC0C-63C5-4105-872D-C8517DFFAD05\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.7.11:p5:*:*:*:*:*:*\", \"matchCriteriaId\": \"FFA94BE6-031F-4279-95DA-D95A83CCE808\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.7.11:p6:*:*:*:*:*:*\", \"matchCriteriaId\": \"7757D0F0-900A-4F36-8975-B493EBBD5977\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.7.11:p7:*:*:*:*:*:*\", \"matchCriteriaId\": \"98483031-531D-44BA-95E5-FCE02768C8DB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.7.11:p8:*:*:*:*:*:*\", \"matchCriteriaId\": \"A1AC65E0-7DF7-43AD-A539-A62FB50B027C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.7.11:p9:*:*:*:*:*:*\", \"matchCriteriaId\": \"1E9306C5-E541-4CFB-9BF9-DF9CABE19A1A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.0:beta1:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6DD0677-D894-47D9-8840-FCF2BEDB1DE7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"43EDB16D-8825-456A-A904-BC22B4515CB1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70B8B9C4-7764-474A-B428-02ACF9B7796E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4EB754D1-ECD8-4F4E-8328-0A6D1D4484AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4C6CB7A-3FC1-4FD0-8529-9F9414615895\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ACA92EF6-1745-4441-8C40-E8E646A3B5E0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.8:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"2948265E-41C3-420C-8EBB-06779B4159E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.8:p1:*:*:*:*:*:*\", \"matchCriteriaId\": \"C386097D-3717-4CE4-9A7D-D9F79349F962\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.8:p3:*:*:*:*:*:*\", \"matchCriteriaId\": \"B70BD874-A325-4573-97A6-B2960F8C3A3C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.8:p4:*:*:*:*:*:*\", \"matchCriteriaId\": \"EEF3C967-F801-4DA4-A500-AC26CBD69095\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.8:p7:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4AE8C84-EF5B-4720-8530-086FC4D6E2F5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.9:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"22FB2707-4CC0-4176-B91A-778E3CE4D67B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.9:p1:*:*:*:*:*:*\", \"matchCriteriaId\": \"20F1987A-96A3-4CFD-B47A-C6E4D8A0D359\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.9:p10:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E6E2A24-085D-48BE-A395-8C9EFB1DD00C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.9:p3:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9F5B9C5-2BD5-4205-8119-61F4E9E16141\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.10:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"030FE87C-00C4-4187-ACA5-09DB7FED5E49\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.10:p8:*:*:*:*:*:*\", \"matchCriteriaId\": \"C073A50A-E2DC-4D9C-8F06-D569997817E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.11:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"5328F774-1379-46A4-AB13-63202B9AA503\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.11:p3:*:*:*:*:*:*\", \"matchCriteriaId\": \"CFF73FAD-FCB2-4054-9544-39AEFBDCECC5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.11:p4:*:*:*:*:*:*\", \"matchCriteriaId\": \"2BD596FB-2B50-4D0A-B230-6862E6172D09\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.11:p5:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E43D54E-A10C-4E05-B745-D12E6585E7F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.12:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2B204A5-1E74-444B-B20C-3A36E43482EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.12:p3:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7F04FB4-AE06-4863-A361-76DB91A12E7F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.12:p4:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5E0C63F-8DF3-49C5-83A6-6C7F6F1D8F46\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B17C1A7-0F0A-4E7C-8C0C-0BBB0BF66C82\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p11:*:*:*:*:*:*\", \"matchCriteriaId\": \"AE8BD950-24A2-4AFF-B7EE-6EE115BD75D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p26:*:*:*:*:*:*\", \"matchCriteriaId\": \"6DD4641A-EC23-4B1A-8729-9AECD70390AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p3:*:*:*:*:*:*\", \"matchCriteriaId\": \"21768A61-7578-4EEC-A23B-FEC10CAA9EDF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p30:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA758408-4302-43BC-BDC9-1B70EC5D2FED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p31:*:*:*:*:*:*\", \"matchCriteriaId\": \"822CDEBC-0650-4970-B46F-06F505993086\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p32:*:*:*:*:*:*\", \"matchCriteriaId\": \"971B5005-4676-4D93-A7DD-6AFDC8D0BEEB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p33:*:*:*:*:*:*\", \"matchCriteriaId\": \"81BC6A7F-D014-44B3-9361-20DB256D3C8D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p34:*:*:*:*:*:*\", \"matchCriteriaId\": \"6A3DC694-4CCC-4E9F-B6E9-891B1DF115C8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p5:*:*:*:*:*:*\", \"matchCriteriaId\": \"0695D2E0-45B3-493C-BA6D-471B90C0ACC5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E4DF01A-1AA9-47E8-82FD-65A02ECA1376\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p19:*:*:*:*:*:*\", \"matchCriteriaId\": \"B7A47276-F241-4A68-9458-E1481EBDC5E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p23:*:*:*:*:*:*\", \"matchCriteriaId\": \"B4CE2D12-AD31-4FED-AD0F-ADF64E92E1B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p25:*:*:*:*:*:*\", \"matchCriteriaId\": \"BC19F11D-23D9-429D-A957-D67F23A40A01\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p26:*:*:*:*:*:*\", \"matchCriteriaId\": \"AAFA2EE7-C965-4F27-8CAE-E607A9F202AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p27:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D09DCF6-1C8F-4CA1-B7D4-AFDD4EB35771\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p4:*:*:*:*:*:*\", \"matchCriteriaId\": \"33F50D8C-7027-4A8D-8E95-98C224283772\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p7:*:*:*:*:*:*\", \"matchCriteriaId\": \"7215AE2C-8A33-4AB9-88D5-7C8CD11E806C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D859F77-8E39-4D46-BC90-C5C1D805A666\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Zimbra\u0027s sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.\"}, {\"lang\": \"es\", \"value\": \"La configuraci\\u00f3n sudo de Zimbra permite al usuario zimbra ejecutar el binario zmslapd como root con par\\u00e1metros arbitrarios. Como parte de su funcionalidad prevista, zmslapd puede cargar un archivo de configuraci\\u00f3n definido por el usuario, que incluye plugins en forma de archivos .so, que tambi\\u00e9n son ejecutadas como root.\"}]",
      "id": "CVE-2022-37393",
      "lastModified": "2024-11-21T07:14:54.630",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}]}",
      "published": "2022-08-16T20:15:07.860",
      "references": "[{\"url\": \"https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis\", \"source\": \"cve@rapid7.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/\", \"source\": \"cve@rapid7.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/rapid7/metasploit-framework/pull/16807\", \"source\": \"cve@rapid7.com\", \"tags\": [\"Exploit\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/rapid7/metasploit-framework/pull/16807\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@rapid7.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cve@rapid7.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-37393\",\"sourceIdentifier\":\"cve@rapid7.com\",\"published\":\"2022-08-16T20:15:07.860\",\"lastModified\":\"2024-11-21T07:14:54.630\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Zimbra\u0027s sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.\"},{\"lang\":\"es\",\"value\":\"La configuraci\u00f3n sudo de Zimbra permite al usuario zimbra ejecutar el binario zmslapd como root con par\u00e1metros arbitrarios. Como parte de su funcionalidad prevista, zmslapd puede cargar un archivo de configuraci\u00f3n definido por el usuario, que incluye plugins en forma de archivos .so, que tambi\u00e9n son ejecutadas como root.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"cve@rapid7.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"144C9B35-9A82-4A47-82E3-0E0CA71E0C7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01379F5C-0157-4880-913A-67729D63E970\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.7.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFD06515-D376-4788-A9E6-5531D08BFDD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.7.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C68411C-B094-4895-9AF9-C7FFA9479D0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.7.11:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5D00519-8429-4C8F-A455-F5DD246D4009\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.7.11:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"519F4C15-811A-4A76-A7F4-251E17DCA7B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.7.11:p10:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8961767-9B1D-4AF6-A014-9770FF925FE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.7.11:p11:*:*:*:*:*:*\",\"matchCriteriaId\":\"56736F6C-E472-4D81-A4DF-7B4D7D3F4232\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.7.11:p12:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7802EA0-016C-432B-9C57-BD75817CCA49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.7.11:p13:*:*:*:*:*:*\",\"matchCriteriaId\":\"45760766-95FA-485A-BB1F-76CC78D2BB47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.7.11:p14:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5B0658C-9278-4078-8DB7-D4A693B4B5F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.7.11:p15:*:*:*:*:*:*\",\"matchCriteriaId\":\"649EA6F7-1A0B-4B68-AD00-364F85734CF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.7.11:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F9A281D-09CC-4AFA-9854-D6228C73271B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.7.11:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"508EC887-BD57-4CD8-B6FC-453212684641\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.7.11:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"52FCDC0C-63C5-4105-872D-C8517DFFAD05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.7.11:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFA94BE6-031F-4279-95DA-D95A83CCE808\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.7.11:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"7757D0F0-900A-4F36-8975-B493EBBD5977\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.7.11:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"98483031-531D-44BA-95E5-FCE02768C8DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.7.11:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1AC65E0-7DF7-43AD-A539-A62FB50B027C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.7.11:p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E9306C5-E541-4CFB-9BF9-DF9CABE19A1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6DD0677-D894-47D9-8840-FCF2BEDB1DE7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43EDB16D-8825-456A-A904-BC22B4515CB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70B8B9C4-7764-474A-B428-02ACF9B7796E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EB754D1-ECD8-4F4E-8328-0A6D1D4484AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4C6CB7A-3FC1-4FD0-8529-9F9414615895\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACA92EF6-1745-4441-8C40-E8E646A3B5E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.8:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"2948265E-41C3-420C-8EBB-06779B4159E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.8:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C386097D-3717-4CE4-9A7D-D9F79349F962\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.8:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"B70BD874-A325-4573-97A6-B2960F8C3A3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.8:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEF3C967-F801-4DA4-A500-AC26CBD69095\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.8:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4AE8C84-EF5B-4720-8530-086FC4D6E2F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.9:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"22FB2707-4CC0-4176-B91A-778E3CE4D67B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.9:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"20F1987A-96A3-4CFD-B47A-C6E4D8A0D359\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.9:p10:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E6E2A24-085D-48BE-A395-8C9EFB1DD00C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.9:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9F5B9C5-2BD5-4205-8119-61F4E9E16141\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.10:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"030FE87C-00C4-4187-ACA5-09DB7FED5E49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.10:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"C073A50A-E2DC-4D9C-8F06-D569997817E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.11:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"5328F774-1379-46A4-AB13-63202B9AA503\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.11:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFF73FAD-FCB2-4054-9544-39AEFBDCECC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.11:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BD596FB-2B50-4D0A-B230-6862E6172D09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.11:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E43D54E-A10C-4E05-B745-D12E6585E7F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.12:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2B204A5-1E74-444B-B20C-3A36E43482EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.12:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7F04FB4-AE06-4863-A361-76DB91A12E7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.12:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5E0C63F-8DF3-49C5-83A6-6C7F6F1D8F46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B17C1A7-0F0A-4E7C-8C0C-0BBB0BF66C82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p11:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE8BD950-24A2-4AFF-B7EE-6EE115BD75D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p26:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DD4641A-EC23-4B1A-8729-9AECD70390AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"21768A61-7578-4EEC-A23B-FEC10CAA9EDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p30:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA758408-4302-43BC-BDC9-1B70EC5D2FED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p31:*:*:*:*:*:*\",\"matchCriteriaId\":\"822CDEBC-0650-4970-B46F-06F505993086\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p32:*:*:*:*:*:*\",\"matchCriteriaId\":\"971B5005-4676-4D93-A7DD-6AFDC8D0BEEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p33:*:*:*:*:*:*\",\"matchCriteriaId\":\"81BC6A7F-D014-44B3-9361-20DB256D3C8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p34:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A3DC694-4CCC-4E9F-B6E9-891B1DF115C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"0695D2E0-45B3-493C-BA6D-471B90C0ACC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E4DF01A-1AA9-47E8-82FD-65A02ECA1376\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p19:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7A47276-F241-4A68-9458-E1481EBDC5E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p23:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4CE2D12-AD31-4FED-AD0F-ADF64E92E1B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p25:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC19F11D-23D9-429D-A957-D67F23A40A01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p26:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAFA2EE7-C965-4F27-8CAE-E607A9F202AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p27:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D09DCF6-1C8F-4CA1-B7D4-AFDD4EB35771\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"33F50D8C-7027-4A8D-8E95-98C224283772\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"7215AE2C-8A33-4AB9-88D5-7C8CD11E806C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D859F77-8E39-4D46-BC90-C5C1D805A666\"}]}]}],\"references\":[{\"url\":\"https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis\",\"source\":\"cve@rapid7.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/\",\"source\":\"cve@rapid7.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/rapid7/metasploit-framework/pull/16807\",\"source\":\"cve@rapid7.com\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/rapid7/metasploit-framework/pull/16807\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]}]}}"
  }
}

GSD-2022-37393

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-37393

Aliases

CVE-2022-37393

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-37393",
    "description": "Zimbra\u0027s sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.",
    "id": "GSD-2022-37393"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-37393"
      ],
      "details": "Zimbra\u0027s sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.",
      "id": "GSD-2022-37393",
      "modified": "2023-12-13T01:19:13.197228Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@rapid7.com",
        "DATE_PUBLIC": "2021-10-27T21:00:00.000Z",
        "ID": "CVE-2022-37393",
        "STATE": "PUBLIC",
        "TITLE": "Zimbra zmslapd arbitrary module load"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Zimbra Server",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "9.0.0.p27",
                          "version_value": "9.0.0.p27"
                        },
                        {
                          "version_affected": "\u003c=",
                          "version_name": "8.8.15.p34",
                          "version_value": "8.8.15.p34"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Synacor"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Darren Martyn discovered and disclosed this vulnerability"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Zimbra\u0027s sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root."
          }
        ]
      },
      "exploit": [
        {
          "lang": "eng",
          "value": "Exploit originally published by the discoverer: https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
        }
      ],
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-284 Improper Access Control"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/rapid7/metasploit-framework/pull/16807",
            "refsource": "MISC",
            "url": "https://github.com/rapid7/metasploit-framework/pull/16807"
          },
          {
            "name": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis",
            "refsource": "MISC",
            "url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"
          },
          {
            "name": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/",
            "refsource": "MISC",
            "url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
          }
        ]
      },
      "source": {
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:9.0.0:p4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.15:p11:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.15:p3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.15:p5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.15:p26:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.11:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.11:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.11:p10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.11:p11:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.11:p12:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.11:p13:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.11:p14:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.11:p15:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.11:p2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.11:p3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.11:p4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.11:p5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.11:p6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.11:p7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.11:p8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.11:p9:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.8:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.8:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.8:p3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.8:p4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.8:p7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.9:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.9:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.9:p10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.9:p3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.10:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.10:p8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.11:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.11:p3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.11:p4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.11:p5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.12:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.12:p3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.12:p4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.15:p30:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.15:p31:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.15:p32:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.15:p33:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.15:p34:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:9.0.0:p19:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:9.0.0:p23:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:9.0.0:p25:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:9.0.0:p26:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:9.0.0:p27:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@rapid7.com",
          "ID": "CVE-2022-37393"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Zimbra\u0027s sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
            },
            {
              "name": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"
            },
            {
              "name": "https://github.com/rapid7/metasploit-framework/pull/16807",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/rapid7/metasploit-framework/pull/16807"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-08-18T17:12Z",
      "publishedDate": "2022-08-16T20:15Z"
    }
  }
}

CERTFR-2022-ALE-009

Vulnerability from certfr_alerte - Published: - Updated:

[MaJ 12 octobre 2022] Un correctif est désormais disponible (cf. section Documentation).

[Publication initiale]

Le 15 septembre 2022, l'éditeur Zimbra a publié un avis de sécurité mentionnant une vulnérabilité dans l'implémentation de cpio par son moteur d'antivirus (Amavis). L'outil d'extraction d'archive cpio est utilisé par Zimbra dès lors que l'utilitaire pax n'est pas installé. Cette vulnérabilité permet à un attaquant non authentifié de téléverser ou écraser un fichier sur le serveur. Par ce biais, l'attaquant à la possibilité de déposer une porte dérobée afin de pouvoir exécuter du code arbitraire à distance sur la machine. En effet, si un attaquant envoie un courriel contenant une archive piégée avec le format .cpio, .rpm ou .tar à une instance de Zimbra ne disposant pas de l'utilitaire pax, alors, lors du processus d'extraction par Amavis la vulnérabilité sera déclenchée.

Le 25 septembre, le NIST NVD attribue à cette vulnérabilité l'immatriculation CVE-2022-41352. Cette vulnérabilité est simple à exploiter et pourrait être combinée avec une autre vulnérabilité de type élévation de privilèges, telle que la CVE-2022-37393, pour prendre le contrôle total de la machine.

Le CERT-FR a connaissance de cas d'exploitation de cette vulnérabilité et de codes d'exploitation publiquement disponibles.

Contournement provisoire

L'éditeur n'a pas publié de correctif pour cette vulnérabilité. Cependant, il est assez aisé de s'en prémunir en installant l'utilitaire pax, disponible via le paquet du même nom, puis en redémarrant l'application Zimbra (les commandes sont détaillées par l'éditeur [1]).

Détection

Le CERT-FR recommande de réaliser une analyse approfondie des journaux réseau des serveurs Zimbra. Il est possible d'obtenir la liste des archives au format .tar, .rpm ou .cpio qui ont été téléversées via la commande suivante : cat /opt/zimbra/log/mailbox.log | grep -i -e ".*FileUploadServlet.*name=.*\(.cpio\|.tar\|.rpm\),". Ces archives devront ensuite être analysées pour tenter d'identifier des tentatives d'exploitation de la vulnérabilité. Cependant, un attaquant peut dissimuler ses traces dans le cas où il a réalisé une élévation de privilège par le biais d'une autre vulnérabilité.

En cas de suspicion de compromission, il est recommandé de consulter les bons réflexes en cas d'intrusion sur votre système d'information.

Solution

[MaJ 12 octobre 2022] Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Synacor	Zimbra Collaboration	Zimbra Collaboration Suite (ZCS) toutes versions utilisant cpio

References

Title

Publication Time

Tags

[1] Bulletin de sécurité Zimbra	2022-09-14	vendor-advisory
Avis CERT-FR CERTFR-2022-AVI-902 du 12 octobre 2022	-	other
Bons réflexes en cas d'intrusion sur votre système d'information	-	other
Bulletin de sécurité Zimbra du 10 octobre 2022	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Zimbra Collaboration Suite (ZCS) toutes versions utilisant cpio",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "closed_at": "2023-03-14",
  "content": "## Contournement provisoire\n\nL\u0027\u00e9diteur n\u0027a pas publi\u00e9 de correctif pour cette vuln\u00e9rabilit\u00e9.\nCependant, il est assez ais\u00e9 de s\u0027en pr\u00e9munir en installant l\u0027utilitaire\n*pax*, disponible *via* le paquet du m\u00eame nom, puis en red\u00e9marrant\nl\u0027application Zimbra (les commandes sont d\u00e9taill\u00e9es par l\u0027\u00e9diteur\n\\[1\\]).\n\n## D\u00e9tection\n\nLe CERT-FR recommande de r\u00e9aliser une analyse approfondie des journaux\nr\u00e9seau des serveurs Zimbra. Il est possible d\u0027obtenir la liste des\narchives au format .tar, .rpm ou .cpio qui ont \u00e9t\u00e9 t\u00e9l\u00e9vers\u00e9es *via* la\ncommande suivante :\n`cat /opt/zimbra/log/mailbox.log | grep -i -e \".*FileUploadServlet.*name=.*\\(.cpio\\|.tar\\|.rpm\\),\"`.\nCes archives devront ensuite \u00eatre analys\u00e9es pour tenter d\u0027identifier des\ntentatives d\u0027exploitation de la vuln\u00e9rabilit\u00e9. Cependant, un attaquant\npeut dissimuler ses traces dans le cas o\u00f9 il a r\u00e9alis\u00e9 une \u00e9l\u00e9vation de\nprivil\u00e8ge par le biais d\u0027une autre vuln\u00e9rabilit\u00e9.\n\nEn cas de suspicion de compromission, il est recommand\u00e9 de consulter les\n[bons r\u00e9flexes en cas d\u0027intrusion sur votre syst\u00e8me\nd\u0027information](/les-bons-reflexes-en-cas-dintrusion-sur-un-systeme-dinformation/).\n\n\n## Solution\n\n\u003cspan style=\"color: #ff0000;\"\u003e\\[MaJ 12 octobre 2022\\]\u00a0\u003cspan\nstyle=\"color: #000000;\"\u003eSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur\npour l\u0027obtention des correctifs (cf. section\nDocumentation).\u003c/span\u003e\u003c/span\u003e\n\n",
  "cves": [
    {
      "name": "CVE-2022-37393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37393"
    },
    {
      "name": "CVE-2022-41352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41352"
    }
  ],
  "links": [
    {
      "title": "Avis CERT-FR CERTFR-2022-AVI-902 du 12 octobre 2022",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2022-AVI-902/"
    },
    {
      "title": "Bons r\u00e9flexes en cas d\u0027intrusion sur votre syst\u00e8me d\u0027information",
      "url": "https://www.cert.ssi.gouv.fr/les-bons-reflexes-en-cas-dintrusion-sur-un-systeme-dinformation/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Zimbra du 10 octobre 2022",
      "url": "https://blog.zimbra.com/2022/10/new-zimbra-patches-9-0-0-patch-27-8-8-15-patch-34/"
    }
  ],
  "reference": "CERTFR-2022-ALE-009",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-10-07T00:00:00.000000"
    },
    {
      "description": "Correctif disponible.",
      "revision_date": "2022-10-12T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2023-03-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "\u003cstrong\u003e\\[MaJ 12 octobre 2022\\]\u00a0\u003c/strong\u003eUn correctif est d\u00e9sormais disponible (cf.\nsection Documentation).\n\n\u003cstrong\u003e\\[Publication initiale\\]\u003c/strong\u003e\n\nLe 15 septembre 2022, l\u0027\u00e9diteur Zimbra a publi\u00e9 un avis de s\u00e9curit\u00e9\nmentionnant une vuln\u00e9rabilit\u00e9 dans l\u0027impl\u00e9mentation de *cpio* par son\nmoteur d\u0027antivirus (Amavis). L\u0027outil d\u0027extraction d\u0027archive *cpio* est\nutilis\u00e9 par Zimbra d\u00e8s lors que l\u0027utilitaire\u00a0*pax* n\u0027est pas install\u00e9*.*\nCette vuln\u00e9rabilit\u00e9 permet \u00e0 un attaquant non authentifi\u00e9 de t\u00e9l\u00e9verser\nou \u00e9craser un fichier sur le serveur. Par ce biais, l\u0027attaquant \u00e0 la\npossibilit\u00e9 de d\u00e9poser une porte d\u00e9rob\u00e9e afin de pouvoir ex\u00e9cuter du\ncode arbitraire \u00e0 distance sur la machine. En effet, si un attaquant\nenvoie un courriel contenant une archive pi\u00e9g\u00e9e avec le format .cpio,\n.rpm ou .tar \u00e0 une instance de Zimbra ne disposant pas de l\u0027utilitaire\n*pax*, alors, lors du processus d\u0027extraction par Amavis la vuln\u00e9rabilit\u00e9\nsera d\u00e9clench\u00e9e.\n\nLe 25 septembre, le NIST NVD attribue \u00e0 cette vuln\u00e9rabilit\u00e9\nl\u0027immatriculation CVE-2022-41352. Cette vuln\u00e9rabilit\u00e9 est simple \u00e0\nexploiter et pourrait \u00eatre combin\u00e9e avec une autre vuln\u00e9rabilit\u00e9 de type\n\u00e9l\u00e9vation de privil\u00e8ges, telle que la CVE-2022-37393, pour prendre le\ncontr\u00f4le total de la machine.\n\nLe CERT-FR a connaissance de cas d\u0027exploitation de cette vuln\u00e9rabilit\u00e9\net de codes d\u0027exploitation publiquement disponibles.\n",
  "title": "[MaJ] Vuln\u00e9rabilit\u00e9 dans Zimbra Collaboration",
  "vendor_advisories": [
    {
      "published_at": "2022-09-14",
      "title": "[1] Bulletin de s\u00e9curit\u00e9 Zimbra",
      "url": "https://blog.zimbra.com/2022/09/security-update-make-sure-to-install-pax-spax/"
    }
  ]
}

CERTFR-2022-ALE-009

Vulnerability from certfr_alerte - Published: - Updated:

[MaJ 12 octobre 2022] Un correctif est désormais disponible (cf. section Documentation).

[Publication initiale]

Le CERT-FR a connaissance de cas d'exploitation de cette vulnérabilité et de codes d'exploitation publiquement disponibles.

Contournement provisoire

Détection

En cas de suspicion de compromission, il est recommandé de consulter les bons réflexes en cas d'intrusion sur votre système d'information.

Solution

[MaJ 12 octobre 2022] Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Synacor	Zimbra Collaboration	Zimbra Collaboration Suite (ZCS) toutes versions utilisant cpio

References

Title

Publication Time

Tags

[1] Bulletin de sécurité Zimbra	2022-09-14	vendor-advisory
Avis CERT-FR CERTFR-2022-AVI-902 du 12 octobre 2022	-	other
Bons réflexes en cas d'intrusion sur votre système d'information	-	other
Bulletin de sécurité Zimbra du 10 octobre 2022	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Zimbra Collaboration Suite (ZCS) toutes versions utilisant cpio",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "closed_at": "2023-03-14",
  "content": "## Contournement provisoire\n\nL\u0027\u00e9diteur n\u0027a pas publi\u00e9 de correctif pour cette vuln\u00e9rabilit\u00e9.\nCependant, il est assez ais\u00e9 de s\u0027en pr\u00e9munir en installant l\u0027utilitaire\n*pax*, disponible *via* le paquet du m\u00eame nom, puis en red\u00e9marrant\nl\u0027application Zimbra (les commandes sont d\u00e9taill\u00e9es par l\u0027\u00e9diteur\n\\[1\\]).\n\n## D\u00e9tection\n\nLe CERT-FR recommande de r\u00e9aliser une analyse approfondie des journaux\nr\u00e9seau des serveurs Zimbra. Il est possible d\u0027obtenir la liste des\narchives au format .tar, .rpm ou .cpio qui ont \u00e9t\u00e9 t\u00e9l\u00e9vers\u00e9es *via* la\ncommande suivante :\n`cat /opt/zimbra/log/mailbox.log | grep -i -e \".*FileUploadServlet.*name=.*\\(.cpio\\|.tar\\|.rpm\\),\"`.\nCes archives devront ensuite \u00eatre analys\u00e9es pour tenter d\u0027identifier des\ntentatives d\u0027exploitation de la vuln\u00e9rabilit\u00e9. Cependant, un attaquant\npeut dissimuler ses traces dans le cas o\u00f9 il a r\u00e9alis\u00e9 une \u00e9l\u00e9vation de\nprivil\u00e8ge par le biais d\u0027une autre vuln\u00e9rabilit\u00e9.\n\nEn cas de suspicion de compromission, il est recommand\u00e9 de consulter les\n[bons r\u00e9flexes en cas d\u0027intrusion sur votre syst\u00e8me\nd\u0027information](/les-bons-reflexes-en-cas-dintrusion-sur-un-systeme-dinformation/).\n\n\n## Solution\n\n\u003cspan style=\"color: #ff0000;\"\u003e\\[MaJ 12 octobre 2022\\]\u00a0\u003cspan\nstyle=\"color: #000000;\"\u003eSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur\npour l\u0027obtention des correctifs (cf. section\nDocumentation).\u003c/span\u003e\u003c/span\u003e\n\n",
  "cves": [
    {
      "name": "CVE-2022-37393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37393"
    },
    {
      "name": "CVE-2022-41352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41352"
    }
  ],
  "links": [
    {
      "title": "Avis CERT-FR CERTFR-2022-AVI-902 du 12 octobre 2022",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2022-AVI-902/"
    },
    {
      "title": "Bons r\u00e9flexes en cas d\u0027intrusion sur votre syst\u00e8me d\u0027information",
      "url": "https://www.cert.ssi.gouv.fr/les-bons-reflexes-en-cas-dintrusion-sur-un-systeme-dinformation/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Zimbra du 10 octobre 2022",
      "url": "https://blog.zimbra.com/2022/10/new-zimbra-patches-9-0-0-patch-27-8-8-15-patch-34/"
    }
  ],
  "reference": "CERTFR-2022-ALE-009",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-10-07T00:00:00.000000"
    },
    {
      "description": "Correctif disponible.",
      "revision_date": "2022-10-12T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2023-03-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "\u003cstrong\u003e\\[MaJ 12 octobre 2022\\]\u00a0\u003c/strong\u003eUn correctif est d\u00e9sormais disponible (cf.\nsection Documentation).\n\n\u003cstrong\u003e\\[Publication initiale\\]\u003c/strong\u003e\n\nLe 15 septembre 2022, l\u0027\u00e9diteur Zimbra a publi\u00e9 un avis de s\u00e9curit\u00e9\nmentionnant une vuln\u00e9rabilit\u00e9 dans l\u0027impl\u00e9mentation de *cpio* par son\nmoteur d\u0027antivirus (Amavis). L\u0027outil d\u0027extraction d\u0027archive *cpio* est\nutilis\u00e9 par Zimbra d\u00e8s lors que l\u0027utilitaire\u00a0*pax* n\u0027est pas install\u00e9*.*\nCette vuln\u00e9rabilit\u00e9 permet \u00e0 un attaquant non authentifi\u00e9 de t\u00e9l\u00e9verser\nou \u00e9craser un fichier sur le serveur. Par ce biais, l\u0027attaquant \u00e0 la\npossibilit\u00e9 de d\u00e9poser une porte d\u00e9rob\u00e9e afin de pouvoir ex\u00e9cuter du\ncode arbitraire \u00e0 distance sur la machine. En effet, si un attaquant\nenvoie un courriel contenant une archive pi\u00e9g\u00e9e avec le format .cpio,\n.rpm ou .tar \u00e0 une instance de Zimbra ne disposant pas de l\u0027utilitaire\n*pax*, alors, lors du processus d\u0027extraction par Amavis la vuln\u00e9rabilit\u00e9\nsera d\u00e9clench\u00e9e.\n\nLe 25 septembre, le NIST NVD attribue \u00e0 cette vuln\u00e9rabilit\u00e9\nl\u0027immatriculation CVE-2022-41352. Cette vuln\u00e9rabilit\u00e9 est simple \u00e0\nexploiter et pourrait \u00eatre combin\u00e9e avec une autre vuln\u00e9rabilit\u00e9 de type\n\u00e9l\u00e9vation de privil\u00e8ges, telle que la CVE-2022-37393, pour prendre le\ncontr\u00f4le total de la machine.\n\nLe CERT-FR a connaissance de cas d\u0027exploitation de cette vuln\u00e9rabilit\u00e9\net de codes d\u0027exploitation publiquement disponibles.\n",
  "title": "[MaJ] Vuln\u00e9rabilit\u00e9 dans Zimbra Collaboration",
  "vendor_advisories": [
    {
      "published_at": "2022-09-14",
      "title": "[1] Bulletin de s\u00e9curit\u00e9 Zimbra",
      "url": "https://blog.zimbra.com/2022/09/security-update-make-sure-to-install-pax-spax/"
    }
  ]
}

CERTFR-2022-AVI-902

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Zimbra Collaboration. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Synacor	Zimbra Collaboration	Zimbra Collaboration versions 9.x antérieures à 9.0.0 Patch 27
	Synacor	Zimbra Collaboration	Zimbra Collaboration versions 8.x antérieures à 8.8.15 Patch 34

References

Title

Publication Time

Tags

Bulletin de sécurité Zimbra du 10 octobre 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Zimbra Collaboration versions 9.x ant\u00e9rieures \u00e0 9.0.0 Patch 27",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration versions 8.x ant\u00e9rieures \u00e0 8.8.15 Patch 34",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-41352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41352"
    },
    {
      "name": "CVE-2022-41348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41348"
    },
    {
      "name": "CVE-2022-41350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41350"
    },
    {
      "name": "CVE-2022-41351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41351"
    },
    {
      "name": "CVE-2022-37393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37393"
    },
    {
      "name": "CVE-2022-41349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41349"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-902",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-10-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Zimbra\nCollaboration. Elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et\nune injection de code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Zimbra Collaboration",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Zimbra du 10 octobre 2022",
      "url": "https://blog.zimbra.com/2022/10/new-zimbra-patches-9-0-0-patch-27-8-8-15-patch-34/"
    }
  ]
}

CERTFR-2022-AVI-902

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Synacor	Zimbra Collaboration	Zimbra Collaboration versions 9.x antérieures à 9.0.0 Patch 27
	Synacor	Zimbra Collaboration	Zimbra Collaboration versions 8.x antérieures à 8.8.15 Patch 34

References

Title

Publication Time

Tags

Bulletin de sécurité Zimbra du 10 octobre 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Zimbra Collaboration versions 9.x ant\u00e9rieures \u00e0 9.0.0 Patch 27",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration versions 8.x ant\u00e9rieures \u00e0 8.8.15 Patch 34",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-41352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41352"
    },
    {
      "name": "CVE-2022-41348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41348"
    },
    {
      "name": "CVE-2022-41350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41350"
    },
    {
      "name": "CVE-2022-41351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41351"
    },
    {
      "name": "CVE-2022-37393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37393"
    },
    {
      "name": "CVE-2022-41349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41349"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-902",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-10-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Zimbra\nCollaboration. Elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et\nune injection de code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Zimbra Collaboration",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Zimbra du 10 octobre 2022",
      "url": "https://blog.zimbra.com/2022/10/new-zimbra-patches-9-0-0-patch-27-8-8-15-patch-34/"
    }
  ]
}

FKIE_CVE-2022-37393

Vulnerability from fkie_nvd - Published: 2022-08-16 20:15 - Updated: 2024-11-21 07:14

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@rapid7.com	https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis	Exploit, Third Party Advisory
cve@rapid7.com	https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/	Exploit, Third Party Advisory
cve@rapid7.com	https://github.com/rapid7/metasploit-framework/pull/16807	Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/rapid7/metasploit-framework/pull/16807	Exploit, Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
zimbra	collaboration	8.7.6
zimbra	collaboration	8.7.7
zimbra	collaboration	8.7.9
zimbra	collaboration	8.7.10
zimbra	collaboration	8.7.11
zimbra	collaboration	8.7.11
zimbra	collaboration	8.7.11
zimbra	collaboration	8.7.11
zimbra	collaboration	8.7.11
zimbra	collaboration	8.7.11
zimbra	collaboration	8.7.11
zimbra	collaboration	8.7.11
zimbra	collaboration	8.7.11
zimbra	collaboration	8.7.11
zimbra	collaboration	8.7.11
zimbra	collaboration	8.7.11
zimbra	collaboration	8.7.11
zimbra	collaboration	8.7.11
zimbra	collaboration	8.7.11
zimbra	collaboration	8.7.11
zimbra	collaboration	8.8.0
zimbra	collaboration	8.8.2
zimbra	collaboration	8.8.3
zimbra	collaboration	8.8.4
zimbra	collaboration	8.8.6
zimbra	collaboration	8.8.7
zimbra	collaboration	8.8.8
zimbra	collaboration	8.8.8
zimbra	collaboration	8.8.8
zimbra	collaboration	8.8.8
zimbra	collaboration	8.8.8
zimbra	collaboration	8.8.9
zimbra	collaboration	8.8.9
zimbra	collaboration	8.8.9
zimbra	collaboration	8.8.9
zimbra	collaboration	8.8.10
zimbra	collaboration	8.8.10
zimbra	collaboration	8.8.11
zimbra	collaboration	8.8.11
zimbra	collaboration	8.8.11
zimbra	collaboration	8.8.11
zimbra	collaboration	8.8.12
zimbra	collaboration	8.8.12
zimbra	collaboration	8.8.12
zimbra	collaboration	8.8.15
zimbra	collaboration	8.8.15
zimbra	collaboration	8.8.15
zimbra	collaboration	8.8.15
zimbra	collaboration	8.8.15
zimbra	collaboration	8.8.15
zimbra	collaboration	8.8.15
zimbra	collaboration	8.8.15
zimbra	collaboration	8.8.15
zimbra	collaboration	8.8.15
zimbra	collaboration	9.0.0
zimbra	collaboration	9.0.0
zimbra	collaboration	9.0.0
zimbra	collaboration	9.0.0
zimbra	collaboration	9.0.0
zimbra	collaboration	9.0.0
zimbra	collaboration	9.0.0
zimbra	collaboration	9.0.0
zimbra	collaboration	9.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "144C9B35-9A82-4A47-82E3-0E0CA71E0C7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "01379F5C-0157-4880-913A-67729D63E970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFD06515-D376-4788-A9E6-5531D08BFDD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C68411C-B094-4895-9AF9-C7FFA9479D0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:-:*:*:*:*:*:*",
              "matchCriteriaId": "C5D00519-8429-4C8F-A455-F5DD246D4009",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p1:*:*:*:*:*:*",
              "matchCriteriaId": "519F4C15-811A-4A76-A7F4-251E17DCA7B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p10:*:*:*:*:*:*",
              "matchCriteriaId": "B8961767-9B1D-4AF6-A014-9770FF925FE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p11:*:*:*:*:*:*",
              "matchCriteriaId": "56736F6C-E472-4D81-A4DF-7B4D7D3F4232",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p12:*:*:*:*:*:*",
              "matchCriteriaId": "E7802EA0-016C-432B-9C57-BD75817CCA49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p13:*:*:*:*:*:*",
              "matchCriteriaId": "45760766-95FA-485A-BB1F-76CC78D2BB47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p14:*:*:*:*:*:*",
              "matchCriteriaId": "D5B0658C-9278-4078-8DB7-D4A693B4B5F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p15:*:*:*:*:*:*",
              "matchCriteriaId": "649EA6F7-1A0B-4B68-AD00-364F85734CF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p2:*:*:*:*:*:*",
              "matchCriteriaId": "1F9A281D-09CC-4AFA-9854-D6228C73271B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p3:*:*:*:*:*:*",
              "matchCriteriaId": "508EC887-BD57-4CD8-B6FC-453212684641",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p4:*:*:*:*:*:*",
              "matchCriteriaId": "52FCDC0C-63C5-4105-872D-C8517DFFAD05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p5:*:*:*:*:*:*",
              "matchCriteriaId": "FFA94BE6-031F-4279-95DA-D95A83CCE808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p6:*:*:*:*:*:*",
              "matchCriteriaId": "7757D0F0-900A-4F36-8975-B493EBBD5977",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p7:*:*:*:*:*:*",
              "matchCriteriaId": "98483031-531D-44BA-95E5-FCE02768C8DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p8:*:*:*:*:*:*",
              "matchCriteriaId": "A1AC65E0-7DF7-43AD-A539-A62FB50B027C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p9:*:*:*:*:*:*",
              "matchCriteriaId": "1E9306C5-E541-4CFB-9BF9-DF9CABE19A1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "F6DD0677-D894-47D9-8840-FCF2BEDB1DE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "43EDB16D-8825-456A-A904-BC22B4515CB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "70B8B9C4-7764-474A-B428-02ACF9B7796E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EB754D1-ECD8-4F4E-8328-0A6D1D4484AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4C6CB7A-3FC1-4FD0-8529-9F9414615895",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACA92EF6-1745-4441-8C40-E8E646A3B5E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.8:-:*:*:*:*:*:*",
              "matchCriteriaId": "2948265E-41C3-420C-8EBB-06779B4159E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.8:p1:*:*:*:*:*:*",
              "matchCriteriaId": "C386097D-3717-4CE4-9A7D-D9F79349F962",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.8:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B70BD874-A325-4573-97A6-B2960F8C3A3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.8:p4:*:*:*:*:*:*",
              "matchCriteriaId": "EEF3C967-F801-4DA4-A500-AC26CBD69095",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.8:p7:*:*:*:*:*:*",
              "matchCriteriaId": "A4AE8C84-EF5B-4720-8530-086FC4D6E2F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.9:-:*:*:*:*:*:*",
              "matchCriteriaId": "22FB2707-4CC0-4176-B91A-778E3CE4D67B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.9:p1:*:*:*:*:*:*",
              "matchCriteriaId": "20F1987A-96A3-4CFD-B47A-C6E4D8A0D359",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.9:p10:*:*:*:*:*:*",
              "matchCriteriaId": "7E6E2A24-085D-48BE-A395-8C9EFB1DD00C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.9:p3:*:*:*:*:*:*",
              "matchCriteriaId": "C9F5B9C5-2BD5-4205-8119-61F4E9E16141",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.10:-:*:*:*:*:*:*",
              "matchCriteriaId": "030FE87C-00C4-4187-ACA5-09DB7FED5E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.10:p8:*:*:*:*:*:*",
              "matchCriteriaId": "C073A50A-E2DC-4D9C-8F06-D569997817E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.11:-:*:*:*:*:*:*",
              "matchCriteriaId": "5328F774-1379-46A4-AB13-63202B9AA503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.11:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFF73FAD-FCB2-4054-9544-39AEFBDCECC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.11:p4:*:*:*:*:*:*",
              "matchCriteriaId": "2BD596FB-2B50-4D0A-B230-6862E6172D09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.11:p5:*:*:*:*:*:*",
              "matchCriteriaId": "7E43D54E-A10C-4E05-B745-D12E6585E7F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.12:-:*:*:*:*:*:*",
              "matchCriteriaId": "A2B204A5-1E74-444B-B20C-3A36E43482EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.12:p3:*:*:*:*:*:*",
              "matchCriteriaId": "F7F04FB4-AE06-4863-A361-76DB91A12E7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.12:p4:*:*:*:*:*:*",
              "matchCriteriaId": "F5E0C63F-8DF3-49C5-83A6-6C7F6F1D8F46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*",
              "matchCriteriaId": "1B17C1A7-0F0A-4E7C-8C0C-0BBB0BF66C82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p11:*:*:*:*:*:*",
              "matchCriteriaId": "AE8BD950-24A2-4AFF-B7EE-6EE115BD75D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p26:*:*:*:*:*:*",
              "matchCriteriaId": "6DD4641A-EC23-4B1A-8729-9AECD70390AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p3:*:*:*:*:*:*",
              "matchCriteriaId": "21768A61-7578-4EEC-A23B-FEC10CAA9EDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p30:*:*:*:*:*:*",
              "matchCriteriaId": "CA758408-4302-43BC-BDC9-1B70EC5D2FED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p31:*:*:*:*:*:*",
              "matchCriteriaId": "822CDEBC-0650-4970-B46F-06F505993086",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p32:*:*:*:*:*:*",
              "matchCriteriaId": "971B5005-4676-4D93-A7DD-6AFDC8D0BEEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p33:*:*:*:*:*:*",
              "matchCriteriaId": "81BC6A7F-D014-44B3-9361-20DB256D3C8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p34:*:*:*:*:*:*",
              "matchCriteriaId": "6A3DC694-4CCC-4E9F-B6E9-891B1DF115C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p5:*:*:*:*:*:*",
              "matchCriteriaId": "0695D2E0-45B3-493C-BA6D-471B90C0ACC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:*",
              "matchCriteriaId": "5E4DF01A-1AA9-47E8-82FD-65A02ECA1376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p19:*:*:*:*:*:*",
              "matchCriteriaId": "B7A47276-F241-4A68-9458-E1481EBDC5E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p23:*:*:*:*:*:*",
              "matchCriteriaId": "B4CE2D12-AD31-4FED-AD0F-ADF64E92E1B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p25:*:*:*:*:*:*",
              "matchCriteriaId": "BC19F11D-23D9-429D-A957-D67F23A40A01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p26:*:*:*:*:*:*",
              "matchCriteriaId": "AAFA2EE7-C965-4F27-8CAE-E607A9F202AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p27:*:*:*:*:*:*",
              "matchCriteriaId": "1D09DCF6-1C8F-4CA1-B7D4-AFDD4EB35771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p4:*:*:*:*:*:*",
              "matchCriteriaId": "33F50D8C-7027-4A8D-8E95-98C224283772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7:*:*:*:*:*:*",
              "matchCriteriaId": "7215AE2C-8A33-4AB9-88D5-7C8CD11E806C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1:*:*:*:*:*:*",
              "matchCriteriaId": "8D859F77-8E39-4D46-BC90-C5C1D805A666",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zimbra\u0027s sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root."
    },
    {
      "lang": "es",
      "value": "La configuraci\u00f3n sudo de Zimbra permite al usuario zimbra ejecutar el binario zmslapd como root con par\u00e1metros arbitrarios. Como parte de su funcionalidad prevista, zmslapd puede cargar un archivo de configuraci\u00f3n definido por el usuario, que incluye plugins en forma de archivos .so, que tambi\u00e9n son ejecutadas como root."
    }
  ],
  "id": "CVE-2022-37393",
  "lastModified": "2024-11-21T07:14:54.630",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-08-16T20:15:07.860",
  "references": [
    {
      "source": "cve@rapid7.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"
    },
    {
      "source": "cve@rapid7.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
    },
    {
      "source": "cve@rapid7.com",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rapid7/metasploit-framework/pull/16807"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rapid7/metasploit-framework/pull/16807"
    }
  ],
  "sourceIdentifier": "cve@rapid7.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "cve@rapid7.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-8JJP-3PJ6-XX8J

Vulnerability from github – Published: 2022-08-17 00:00 – Updated: 2022-08-19 00:00

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-37393"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-16T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "Zimbra\u0027s sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.",
  "id": "GHSA-8jjp-3pj6-xx8j",
  "modified": "2022-08-19T00:00:21Z",
  "published": "2022-08-17T00:00:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37393"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rapid7/metasploit-framework/pull/16807"
    },
    {
      "type": "WEB",
      "url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"
    },
    {
      "type": "WEB",
      "url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-37393 (GCVE-0-2022-37393)

GSD-2022-37393

CERTFR-2022-ALE-009

Contournement provisoire

Détection

Solution

CERTFR-2022-ALE-009

Contournement provisoire

Détection

Solution

CERTFR-2022-AVI-902

Solution

CERTFR-2022-AVI-902

Solution

FKIE_CVE-2022-37393

GHSA-8JJP-3PJ6-XX8J

Tags

Sightings

Nomenclature