5 matches found
CVE-2022-37393 Zimbra zmslapd arbitrary module load
Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root...
CVE-2022-37393
CVE-2022-37393: Zimbra’s sudo configuration allows the zimbra user to run the zmslapd binary as root with arbitrary parameters. zmslapd can load a user-defined configuration file that may include plugins (.so) executed as root, enabling local privilege escalation. The available connected document...
Zimbra zmslapd Privilege Escalation Exploit
This Metasploit module exploits CVE-2022-37393, which is a vulnerability in Zimbra's sudo configuration that permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which...
Zimbra zmslapd Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zimbra zmslapd arbitrary module load', 'Description' = %q This module exploits CVE-2022-37393, which is a vulnerability in Zimbra's sudo...
CVE-2022-37393
creationtimestamp| type| source ---|---|--- 2022-08-09 16:39:19+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/zimbraslapperprivesc.rb 2022-08-17 14:35:04+00:00| published-proof-of-concept| Telegram/RSu8n7LvnC9xeCRU6JhJsfiUmeq682EnNiL5z7-ptljY...