Lucene search
K

7 matches found

Rapid7 Blog
Rapid7 Blog
added 2022/10/21 5:31 p.m.153 views

Metasploit Weekly Wrap-Up

Zimbra with Postfix LPE CVE-2022-3569 This week rbowes added an LPE exploit for Zimbra with Postfix. The exploit leverages a vulnerability whereby the Zimbra user can run postfix as root which in turn is capable of executing arbitrary shellscripts. This can be abused for reliable privilege...

7.5CVSS0.6AI score0.99998EPSS
Exploits47
Metasploit
Metasploit
added 2022/10/19 7:49 p.m.301 views

Zimbra sudo + postfix privilege escalation

This module exploits a vulnerable sudo configuration that permits the zimbra user to execute postfix as root. In turn, postfix can execute arbitrary shellscripts, which means it can execute a root shell. Module Options msf use exploit/linux/local/zimbrapostfixprivesc msf exploitzimbrapostfixprive...

7.8CVSS8.1AI score0.00695EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/10/19 12:0 a.m.317 views

Zimbra Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zimbra sudo + postfix privilege escalation', 'Description' = %q This module exploits a vulnerable sudo configuration that permits the zimbra user...

0.7AI score0.00695EPSS
Exploits4
0day.today
0day.today
added 2022/10/19 12:0 a.m.483 views

Zimbra Privilege Escalation Exploit

This Metasploit module exploits a vulnerable sudo configuration that permits the Zimbra user to execute postfix as root. In turn, postfix can execute arbitrary shellscripts, which means it can execute a root shell. This module requires Metasploit: https://metasploit.com/download Current source:...

7.8CVSS8.1AI score0.00695EPSS
Exploits4
Circl
Circl
added 2022/10/18 2:13 a.m.9 views

CVE-2022-3569

creationtimestamp| type| source ---|---|--- 2022-10-18 02:13:24+00:00| seen| https://t.me/cibsecurity/51651 2022-10-19 09:20:04+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/zimbrapostfixprivesc.rb 2025-02-06 03:13:45+00:00| seen|...

7.8CVSS7.1AI score0.00695EPSS
Exploits4References3
OSV
OSV
added 2022/10/17 10:45 p.m.43 views

CVE-2022-3569

Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite ZCS suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'...

7.8CVSS7.2AI score0.00695EPSS
Exploits4References5
CVE
CVE
added 2022/10/17 10:45 p.m.90 views

CVE-2022-3569

CVE-2022-3569 affects Zimbra Collaboration Suite (ZCS) versions 9.0.0 and earlier. The issue is a local privilege escalation caused by incorrect sudo permissions that let the zimbra user coerce postfix to run commands as root, enabling root-level command execution. Public exploit avenues exist (e...

7.8CVSS7.9AI score0.00695EPSS
Exploits4References3Affected Software1
Rows per page
Query Builder