
Advisory: Zimbra CVE

Zimbra has released security updates addressing several vulnerabilities in Zimbra Collaboration that affect both Ubuntu and Red Hat installations.
 
Affected systems
 
Affected systems are Zimbra 9.0.0 installations below Patch 27 and Zimbra 8.8.15 installations below Patch 34; the fixes are delivered in 9.0.0 Patch 27 and 8.8.15 Patch 34.
 
Security Risks
  • Zimbra's Amavis content filter extracts archive attachments with cpio when the pax utility is not installed. cpio can be made to write files outside the extraction directory, so a crafted attachment delivered by e-mail can write files as the zimbra user and be used to compromise other user accounts. Zimbra recommends pax over cpio: pax is normally present on Ubuntu but must be installed separately on Red Hat-based systems, after which amavis should be restarted.
  • Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters, so anyone who obtains a shell as the zimbra user (for example through the cpio issue above) can escalate to root.
  • XSS can occur via one of the attributes of an IMG element, leading to information disclosure.
  • XSS can occur via one attribute in the search component of webmail, leading to information disclosure.
  • XSS can occur via one of the attributes in the compose component of webmail, leading to information disclosure.
  • XSS can occur via one of the attributes in the calendar component of webmail, leading to information disclosure.
 
Recommended Actions
 
The National Cyber Security Authority (NCSA) strongly recommends that system administrators:
a. Follow the advisory shared by Zimbra and apply the suggested mitigations, upgrading to 9.0.0 Patch 27 or 8.8.15 Patch 34, to lower the risk of exploitation.
b. Ensure the pax package is installed and restart amavis, so that attachments are no longer extracted with cpio.
c. Before any update task, ensure you have a recent backup that can easily be restored.
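As an added check (example script written for this page, not part of the NCSA or Zimbra advisory), the POSIX shell script below classifies `zmcontrol -v` output against the patch levels named above and reports whether pax is installed, i.e. whether Amavis would fall back to cpio. The exact `zmcontrol -v` line format is an assumption, and the sample version lines are constructed, not taken from real hosts.

```shell
#!/bin/sh
# Added example (not Zimbra's or NCSA's code): check a Zimbra host against the
# patch levels in this advisory (9.0.0 Patch 27 / 8.8.15 Patch 34) and check for pax.
# Assumes `zmcontrol -v` prints a line such as
#   Release 9.0.0.GA.4258.UBUNTU20.64 UBUNTU20_64 FOSS edition, Patch 9.0.0_P26.

# Print "<release> <patch-number>" for one zmcontrol -v line; fail if unrecognised.
zimbra_parse_version() {
    line=$1
    case "$line" in
        *"Patch 9.0.0_P"[0-9]*)  rest=${line##*"Patch 9.0.0_P"};  release=9.0.0 ;;
        *"Patch 8.8.15_P"[0-9]*) rest=${line##*"Patch 8.8.15_P"}; release=8.8.15 ;;
        *) return 1 ;;
    esac
    patch=${rest%%[!0-9]*}   # keep only the leading digits (drops the trailing ".")
    echo "$release $patch"
}

# Print "patched", "vulnerable" or "unknown" for one zmcontrol -v line.
zimbra_patch_status() {
    parsed=$(zimbra_parse_version "$1") || { echo unknown; return 0; }
    set -- $parsed
    case "$1" in
        9.0.0)  fixed=27 ;;
        8.8.15) fixed=34 ;;
    esac
    if [ "$2" -ge "$fixed" ]; then echo patched; else echo vulnerable; fi
}

# Amavis uses pax when it is present and only falls back to cpio when it is not.
pax_status() {
    if command -v pax >/dev/null 2>&1; then
        echo "pax present: Amavis will not fall back to cpio"
    else
        echo "pax missing: install pax and restart amavis (zmamavisdctl restart as zimbra)"
    fi
}

# Constructed sample lines in the zmcontrol -v format (not real hosts).
SAMPLES='Release 9.0.0.GA.4258.UBUNTU20.64 UBUNTU20_64 FOSS edition, Patch 9.0.0_P26.
Release 9.0.0.GA.4258.RHEL8.64 RHEL8_64 FOSS edition, Patch 9.0.0_P27.
Release 8.8.15.GA.3869.UBUNTU18.64 UBUNTU18_64 FOSS edition, Patch 8.8.15_P33.
Release 8.8.15.GA.3869.RHEL7.64 RHEL7_64 FOSS edition, Patch 8.8.15_P34.'

main() {
    printf '%s\n' "$SAMPLES" | while IFS= read -r line; do
        printf '%-10s %s\n' "$(zimbra_patch_status "$line")" "$line"
    done
    pax_status
}
# On a real host, replace the samples with: su - zimbra -c 'zmcontrol -v'
main
```

A "vulnerable" result means the host is below the fix level for its release line and item a. applies; a "pax missing" result means item b. applies even on a patched host, because cpio would still be used for attachment extraction.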
For further information and support, please contact NCSA by email at rwcsirt@ncsa.gov.rw or call us on 9009
 
References
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P27#Security_Fixes
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P34#Security_Fixes
https://thehackernews.com/2022/10/zimbra-releases-patch-for-actively.html
https://www.cisa.gov/uscert/ncas/alerts/aa22-228a

19 October 2022

© 2024 National Cyber Security Authority