Article 64GCM Unpatched Zimbra flaw under attack is letting hackers backdoor servers

Unpatched Zimbra flaw under attack is letting hackers backdoor servers

by
Dan Goodin
from Ars Technica - All content on (#64GCM)
backdoor-800x533.jpg

Enlarge (credit: Jeremy Brooks / Flickr)

An unpatched code-execution vulnerability in the Zimbra Collaboration software is under active exploitation by attackers using the attacks to backdoor servers.

The attacks began no later than September 7, when a Zimbra customer reported a few days later that a server running the company's Amavis spam-filtering engine processed an email containing a malicious attachment. Within seconds, the scanner copied a malicious Java file to the server and then executed it. With that, the attackers had installed a web shell, which they could then use to log into and take control of the server.

Zimbra has yet to release a patch fixing the vulnerability. Instead, the company published this guidance that advises customers to ensure a file archiver known as pax is installed. Unless pax is installed, Amavis processes incoming attachments with cpio, an alternate archiver that has known vulnerabilities that were never fixed.

Read 9 remaining paragraphs | Comments

External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments