Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) - Help Net Security

Attackers are actively exploiting CVE-2024-45519, a critical Zimbra vulnerability that allows them to execute arbitrary commands on vulnerable installations. CVE-2024-45519 is an OS command injection vulnerability in the solution’s postjournal service (and binary), which is used for recording email communications for compliance and/or archiving.

Proofpoint’s threat researchers say that the attacks started on September 28 – several weeks after Zimbra developers released patches for CVE-2024-45519 and other flaws, and a day after ProjectDiscovery’s analysts published a detailed technical write-up about the vulnerability and a PoC exploit to demonstrate the potential for local exploitation.

“The vulnerability stems from unsanitized user input being passed to popen [function] in the unpatched version [of the postjournal binary], enabling attackers to inject arbitrary commands,” ProjectDiscovery’s analysts explained.

“While the postjournal feature may be optional or not enabled on most systems, it is still necessary to apply the provided patch to prevent potential exploitation,” a Synacor security architect and engineer confirmed when patches for several Zimbra versions were provided in early September.

“While the patched version introduces input sanitization and replaces popen with execvp, mitigating direct command injection, it’s crucial for administrators to apply the latest patches promptly.”
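The difference between the popen pattern and the sanitize-then-execvp pattern described above, as an added C sketch that is not Zimbra's or ProjectDiscovery's code. The `true` program stands in for the helper being launched, and the function names, the allowlist and the sample address are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* UNSAFE: input is pasted into a string /bin/sh parses ("true" = stand-in). */
int status_via_popen(const char *rcpt) {
    char cmd[512];
    snprintf(cmd, sizeof cmd, "true %s", rcpt);
    FILE *p = popen(cmd, "r");
    if (!p) return -1;
    int st = pclose(p);
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}

/* Allowlist: exactly one '@', address-safe characters, no leading '-'. */
int rcpt_is_valid(const char *rcpt) {
    size_t n = strlen(rcpt), at = 0;
    if (n == 0 || n > 254 || rcpt[0] == '-') return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)rcpt[i];
        if (c == '@') at++;
        else if (!isalnum(c) && !strchr("._+-", c)) return 0;
    }
    return at == 1 && rcpt[0] != '@' && rcpt[n - 1] != '@';
}

/* Hardened: validate (-2 = rejected), then execvp an argv array, no shell. */
int status_via_execvp(const char *rcpt, int validate) {
    int st;
    if (validate && !rcpt_is_valid(rcpt)) return -2;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { "true", (char *)rcpt, NULL };
        execvp(argv[0], argv);
        _exit(127);              /* exec failed */
    }
    if (waitpid(pid, &st, 0) < 0) return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}

int main(void) {
    const char *in = "user@example.com; exit 7";  /* constructed input */
    printf("popen=%d execvp=%d validated=%d\n", status_via_popen(in),
           status_via_execvp(in, 0), status_via_execvp(in, 1));
}
```

With the shell removed, the address still reaches the launched program as an argument, which is why the allowlist also rejects a leading `-` that a helper could read as an option.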

This Cyber News was published on www.helpnetsecurity.com. Publication date: Wed, 02 Oct 2024 11:43:04 +0000


Cyber News related to Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) - Help Net Security

Critical Zimbra Postjournal flaw CVE-2024-45519 actively exploited in the wild. Patch it now! - “Beginning on September 28, @Proofpoint began observing attempts to exploit CVE-2024-45519, a remote code execution vulnerability in Zimbra mail servers. ...
2 months ago Securityaffairs.com
CVE-2024-26633 - In the Linux kernel, the following vulnerability has been resolved: ...
9 months ago
Critical Zimbra RCE flaw actively exploited to take over servers - Attackers can exploit the vulnerability by sending specially crafted emails with commands to execute in the CC field, which are then executed when the postjournal service processes the email. Hackers are actively exploiting a recently disclosed RCE ...
2 months ago Bleepingcomputer.com
Critical Zimbra RCE flaw exploited to backdoor servers using emails - Attackers can exploit the vulnerability by sending specially crafted emails with commands to execute in the CC field, which are then executed when the postjournal service processes the email. Hackers are actively exploiting a recently disclosed RCE ...
2 months ago Bleepingcomputer.com
CVE-2024-36886 - In the Linux kernel, the following vulnerability has been resolved: ...
5 months ago
CVE-2024-26857 - In the Linux kernel, the following vulnerability has been resolved: ...
8 months ago
CVE-2024-35893 - In the Linux kernel, the following vulnerability has been resolved: ...
5 months ago
CVE-2024-47685 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() syzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending garbage on the four reserved tcp bits (th->res1) Use ...
2 months ago Tenable.com
Zimbra RCE Vulnerability (CVE-2024-45519) - Exploit POC Released - Zimbra, a popular email and collaboration platform, has issued a crucial security update to patch a severe vulnerability in its postjournal service. Attackers could exploit it to run arbitrary commands without authentication, which poses a ...
2 months ago Cybersecuritynews.com
CVE-2024-50083 - In the Linux kernel, the following vulnerability has been resolved: tcp: fix mptcp DSS corruption due to large pmtu xmit Syzkaller was able to trigger a DSS corruption: TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending ...
1 month ago Tenable.com
The Internet Enabled Mass Surveillance. AI Will Enable Mass Spying. - Spying and surveillance are different but related things. If I hired that same private detective to put you under surveillance, I would get a different report: where you went, whom you talked to, what you purchased, what you did. Putting someone ...
1 year ago Schneier.com
CVE-2024-26781 - In the Linux kernel, the following vulnerability has been resolved: mptcp: fix possible deadlock in subflow diag Syzbot and Eric reported a lockdep splat in the subflow diag: WARNING: possible circular locking dependency detected ...
8 months ago Tenable.com
Week in review: PoC for Splunk Enterprise RCE flaw released, scope of Okta breach widens - Vulnerability disclosure: Legal risks and ethical considerations for researchers. In this Help Net Security interview, Eddie Zhang, Principal Consultant at Project Black, explores the complex and often controversial world of vulnerability disclosure in ...
1 year ago Helpnetsecurity.com
CVE-2023-52784 - In the Linux kernel, the following vulnerability has been resolved: bonding: stop the device in bond_setup_by_slave() Commit 9eed321cde22 ("net: lapbether: only support ethernet devices") has been able to keep syzbot away from net/lapb, until today. ...
7 months ago Tenable.com
Zimbra RCE Vuln Under Attack Needs Immediate Patching - "Some emails from the same sender used a series of CC'd addresses attempting to build a Web shell on a vulnerable Zimbra server," Proofpoint said. Attackers are actively targeting a severe remote code execution vulnerability that ...
2 months ago Darkreading.com
CVE-2024-50035 - In the Linux kernel, the following vulnerability has been resolved: ppp: fix ppp_async_encode() illegal access syzbot reported an issue in ppp_async_encode() [1] In this case, pppoe_sendmsg() is called with a zero size. Then ppp_async_encode() is ...
1 month ago Tenable.com
CVE-2022-48956 - In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid use-after-free in ip6_fragment() Blamed commit claimed rcu_read_lock() was held by ip6_fragment() callers. It seems to not be always true, at least for UDP stack. syzbot ...
1 month ago Tenable.com
Schneier on Security - Spying and surveillance are different but related things. If I hired that same private detective to put you under surveillance, I would get a different report: where you went, whom you talked to, what you purchased, what you did. Putting someone ...
1 year ago Schneier.com
CVE-2024-50033 - In the Linux kernel, the following vulnerability has been resolved: slip: make slhc_remember() more robust against malicious packets syzbot found that slhc_remember() was missing checks against malicious packets [1]. slhc_remember() only checked the ...
1 month ago Tenable.com
14 New DrayTek routers' flaws impacts over 700,000 devices in 168 countries - Multiple flaws in DrayTek ...
2 months ago Securityaffairs.com
CVE-2024-26852 - In the Linux kernel, the following vulnerability has been resolved: net/ipv6: avoid possible UAF in ip6_route_mpath_notify() syzbot found another use-after-free in ip6_route_mpath_notify() [1] Commit f7225172f25a ("net/ipv6: prevent use after free in ...
8 months ago Tenable.com
CVE-2024-26863 - In the Linux kernel, the following vulnerability has been resolved: ...
8 months ago
CVE-2024-26641 - In the Linux kernel, the following vulnerability has been resolved: ...
9 months ago
CVE-2024-26882 - In the Linux kernel, the following vulnerability has been resolved: ...
7 months ago
