Main Vulnerability Database Exploits ID:8601 - Exploit for Security features bypass in AMaViS - CVE-2022-41352

ID:8601 - Exploit for Security features bypass in AMaViS - CVE-2022-41352

Published: November 13, 2022

Vulnerability identifier: #VU68041

Vulnerability risk: Critical

CVE-ID: CVE-2022-41352

CWE-ID: CWE-254

Exploitation vector: Remote access

Vulnerable software:
AMaViS

Link to public exploit:

https://github.com/Cr4ckC4t/cve-2022-41352-zimbra-rce

Vulnerability description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insecure fall-back by amavis to using cpio to extract files if the pax package is not installed on the system. The amavisd extracts the contents of compressed attachments for virus scanning and uses cpio in an insecure manner. A remote attacker can send a specially crafted archive to the email system that once extracted can overwrite arbitrary files on the system.

Note, the vulnerability was used in the wild against misconfigured Zimbra Collaboration (ZCS) installations.

Remediation

It is recommended to replace cpio with pax on the system.

ID:8601 - Exploit for Security features bypass in AMaViS - CVE-2022-41352

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human