#VU68041 Security features bypass in AMaViS - CVE-2022-41352
Published: October 8, 2022 / Updated: November 13, 2022
Vulnerability identifier: #VU68041
Vulnerability risk: Critical
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: CVE-2022-41352
CWE-ID: CWE-254
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vulnerable software:
AMaViS
AMaViS
Software vendor:
Amavis.org
Amavis.org
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insecure fall-back by amavis to using cpio to extract files if the pax package is not installed on the system. The amavisd extracts the contents of compressed attachments for virus scanning and uses cpio in an insecure manner. A remote attacker can send a specially crafted archive to the email system that once extracted can overwrite arbitrary files on the system.
Note, the vulnerability was used in the wild against misconfigured Zimbra Collaboration (ZCS) installations.
Remediation
It is recommended to replace cpio with pax on the system.