Unpatched Zimbra flaw under attack is letting hackers backdoor servers

Enlarge (credit: Jeremy Brooks / Flickr)

An unpatched code-execution vulnerability in the Zimbra Collaboration software is under active exploitation by attackers using the attacks to backdoor servers.

The attacks began no later than September 7, when a Zimbra customer reported a few days later that a server running the company’s Amavis spam-filtering engine processed an email containing a malicious attachment. Within seconds, the scanner copied a malicious Java file to the server and then executed it. With that, the attackers had installed a web shell, which they could then use to log into and take control of the server.

Zimbra has yet to release a patch fixing the vulnerability. Instead, the company published this guidance that advises customers to ensure a file archiver known as pax is installed. Unless pax is installed, Amavis processes incoming attachments with cpio, an alternate archiver that has known vulnerabilities that were never fixed.

Read 9 remaining paragraphs | Comments

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button