Zimbra, a popular email and collaboration platform, has issued a crucial security update to patch a severe vulnerability in its postjournal service. Identified as CVE-2024-45519, this flaw allows unauthenticated attackers to execute arbitrary commands on affected Zimbra installations, which poses a significant risk to the security and integrity of systems using the platform.

Researchers obtained the patched version of the postjournal binary from the latest Zimbra patch package. The security patch was hosted on Zimbra’s S3 bucket, s3(:)repo.zimbra.com, which was publicly accessible. Analyzing the unpatched version of the software, they discovered that it used popen in the read_maps function without input sanitization, allowing command injection. In the patched version, the function execvp is used with user input passed as an array, preventing direct command injection.

A proof of concept was developed using specific SMTP commands to execute arbitrary commands on the postjournal service running on port 10027, and researchers tested the exploit directly against the service on that port. With the postjournal service enabled, researchers reran the exploit against SMTP port 25 and observed successful command execution.

Zimbra users are strongly advised to apply the latest security patch immediately to protect their systems from potential exploitation and maintain system integrity. For more information on this vulnerability and patch details, users can refer to Zimbra’s official security advisories.
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 02 Oct 2024 12:16:17 +0000