7 matches found
Metasploit Weekly Wrap-Up
Zimbra with Postfix LPE CVE-2022-3569 This week rbowes added an LPE exploit for Zimbra with Postfix. The exploit leverages a vulnerability whereby the Zimbra user can run postfix as root which in turn is capable of executing arbitrary shellscripts. This can be abused for reliable privilege...
Zimbra sudo + postfix privilege escalation
This module exploits a vulnerable sudo configuration that permits the zimbra user to execute postfix as root. In turn, postfix can execute arbitrary shellscripts, which means it can execute a root shell. Module Options msf use exploit/linux/local/zimbrapostfixprivesc msf exploitzimbrapostfixprive...
Zimbra Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zimbra sudo + postfix privilege escalation', 'Description' = %q This module exploits a vulnerable sudo configuration that permits the zimbra user...
Zimbra Privilege Escalation Exploit
This Metasploit module exploits a vulnerable sudo configuration that permits the Zimbra user to execute postfix as root. In turn, postfix can execute arbitrary shellscripts, which means it can execute a root shell. This module requires Metasploit: https://metasploit.com/download Current source:...
CVE-2022-3569
creationtimestamp| type| source ---|---|--- 2022-10-18 02:13:24+00:00| seen| https://t.me/cibsecurity/51651 2022-10-19 09:20:04+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/zimbrapostfixprivesc.rb 2025-02-06 03:13:45+00:00| seen|...
CVE-2022-3569
Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite ZCS suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'...
CVE-2022-3569
CVE-2022-3569 affects Zimbra Collaboration Suite (ZCS) versions 9.0.0 and earlier. The issue is a local privilege escalation caused by incorrect sudo permissions that let the zimbra user coerce postfix to run commands as root, enabling root-level command execution. Public exploit avenues exist (e...