module
Zimbra zmslapd arbitrary module load
| Disclosed |
|---|
| Oct 27, 2021 |
Disclosed
Oct 27, 2021
Description
This module exploits CVE-2022-37393, which is a vulnerability in
Zimbra's sudo configuration that permits the zimbra user to execute
the zmslapd binary as root with arbitrary parameters. As part of its
intended functionality, zmslapd can load a user-defined configuration
file, which includes plugins in the form of .so files, which also
execute as root.
Zimbra's sudo configuration that permits the zimbra user to execute
the zmslapd binary as root with arbitrary parameters. As part of its
intended functionality, zmslapd can load a user-defined configuration
file, which includes plugins in the form of .so files, which also
execute as root.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.