module
TAR Path Traversal in Zimbra (CVE-2022-41352)
| Disclosed |
|---|
| Jun 28, 2022 |
Disclosed
Jun 28, 2022
Description
This module creates a .tar file that can be emailed to a Zimbra server
to exploit CVE-2022-41352. If successful, it plants a JSP-based
backdoor in the public web directory, then executes that backdoor.
The core vulnerability is a path-traversal issue in the cpio command-
line utlity that can extract an arbitrary file to an arbitrary
location on a Linux system (CVE-2015-1197). Most Linux distros have
chosen not to fix it.
This issue is exploitable on Red Hat-based systems (and other hosts
without pax installed) running versions:
* Zimbra Collaboration Suite 9.0.0 Patch 26 (and earlier)
* Zimbra Collaboration Suite 8.8.15 Patch 33 (and earlier)
The patch simply makes "pax" a pre-requisite.
to exploit CVE-2022-41352. If successful, it plants a JSP-based
backdoor in the public web directory, then executes that backdoor.
The core vulnerability is a path-traversal issue in the cpio command-
line utlity that can extract an arbitrary file to an arbitrary
location on a Linux system (CVE-2015-1197). Most Linux distros have
chosen not to fix it.
This issue is exploitable on Red Hat-based systems (and other hosts
without pax installed) running versions:
* Zimbra Collaboration Suite 9.0.0 Patch 26 (and earlier)
* Zimbra Collaboration Suite 8.8.15 Patch 33 (and earlier)
The patch simply makes "pax" a pre-requisite.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.