Search criteria
2 vulnerabilities found for Zimbra Server by Synacor
CVE-2022-37393 (GCVE-0-2022-37393)
Vulnerability from nvd – Published: 2022-08-16 20:00 – Updated: 2024-09-17 00:45
VLAI
Title
Zimbra zmslapd arbitrary module load
Summary
Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.
Severity
No CVSS data available.
CWE
- CWE-284 - Improper Access Control
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/rapid7/metasploit-framework/pu… | x_refsource_MISC |
| https://attackerkb.com/topics/92AeLOE1M1/cve-2022… | x_refsource_MISC |
| https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Synacor | Zimbra Server |
Affected:
9.0.0.p27 , ≤ 9.0.0.p27
(custom)
Affected: 8.8.15.p34 , ≤ 8.8.15.p34 (custom) |
Date Public
2021-10-27 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:21.022Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/16807"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zimbra Server",
"vendor": "Synacor",
"versions": [
{
"lessThanOrEqual": "9.0.0.p27",
"status": "affected",
"version": "9.0.0.p27",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.8.15.p34",
"status": "affected",
"version": "8.8.15.p34",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Darren Martyn discovered and disclosed this vulnerability"
}
],
"datePublic": "2021-10-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Zimbra\u0027s sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root."
}
],
"exploits": [
{
"lang": "en",
"value": "Exploit originally published by the discoverer: https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-16T20:00:19.000Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/16807"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Zimbra zmslapd arbitrary module load",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2021-10-27T21:00:00.000Z",
"ID": "CVE-2022-37393",
"STATE": "PUBLIC",
"TITLE": "Zimbra zmslapd arbitrary module load"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zimbra Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "9.0.0.p27",
"version_value": "9.0.0.p27"
},
{
"version_affected": "\u003c=",
"version_name": "8.8.15.p34",
"version_value": "8.8.15.p34"
}
]
}
}
]
},
"vendor_name": "Synacor"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Darren Martyn discovered and disclosed this vulnerability"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zimbra\u0027s sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Exploit originally published by the discoverer: https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rapid7/metasploit-framework/pull/16807",
"refsource": "MISC",
"url": "https://github.com/rapid7/metasploit-framework/pull/16807"
},
{
"name": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis",
"refsource": "MISC",
"url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"
},
{
"name": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/",
"refsource": "MISC",
"url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2022-37393",
"datePublished": "2022-08-16T20:00:19.211Z",
"dateReserved": "2022-08-02T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:45:31.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37393 (GCVE-0-2022-37393)
Vulnerability from cvelistv5 – Published: 2022-08-16 20:00 – Updated: 2024-09-17 00:45
VLAI
Title
Zimbra zmslapd arbitrary module load
Summary
Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.
Severity
No CVSS data available.
CWE
- CWE-284 - Improper Access Control
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/rapid7/metasploit-framework/pu… | x_refsource_MISC |
| https://attackerkb.com/topics/92AeLOE1M1/cve-2022… | x_refsource_MISC |
| https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Synacor | Zimbra Server |
Affected:
9.0.0.p27 , ≤ 9.0.0.p27
(custom)
Affected: 8.8.15.p34 , ≤ 8.8.15.p34 (custom) |
Date Public
2021-10-27 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:21.022Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/16807"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zimbra Server",
"vendor": "Synacor",
"versions": [
{
"lessThanOrEqual": "9.0.0.p27",
"status": "affected",
"version": "9.0.0.p27",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.8.15.p34",
"status": "affected",
"version": "8.8.15.p34",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Darren Martyn discovered and disclosed this vulnerability"
}
],
"datePublic": "2021-10-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Zimbra\u0027s sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root."
}
],
"exploits": [
{
"lang": "en",
"value": "Exploit originally published by the discoverer: https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-16T20:00:19.000Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/16807"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Zimbra zmslapd arbitrary module load",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2021-10-27T21:00:00.000Z",
"ID": "CVE-2022-37393",
"STATE": "PUBLIC",
"TITLE": "Zimbra zmslapd arbitrary module load"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zimbra Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "9.0.0.p27",
"version_value": "9.0.0.p27"
},
{
"version_affected": "\u003c=",
"version_name": "8.8.15.p34",
"version_value": "8.8.15.p34"
}
]
}
}
]
},
"vendor_name": "Synacor"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Darren Martyn discovered and disclosed this vulnerability"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zimbra\u0027s sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Exploit originally published by the discoverer: https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rapid7/metasploit-framework/pull/16807",
"refsource": "MISC",
"url": "https://github.com/rapid7/metasploit-framework/pull/16807"
},
{
"name": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis",
"refsource": "MISC",
"url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"
},
{
"name": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/",
"refsource": "MISC",
"url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2022-37393",
"datePublished": "2022-08-16T20:00:19.211Z",
"dateReserved": "2022-08-02T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:45:31.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}