[PLUG] Zimbra RCE flaw

jeffv via plug on 2 Oct 2024 08:30:22 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] Zimbra RCE flaw

From: jeffv via plug <plug@lists.phillylinux.org>
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Subject: [PLUG] Zimbra RCE flaw
Date: Wed, 2 Oct 2024 11:30:17 -0400
Authentication-results: smtp01.aqua.email-ash1.sync.lan smtp.user=<hidden>; auth=pass (LOGIN)
Dkim-signature: v=1; a=rsa-sha1; d=op.net; s=20180222; c=relaxed/simple; q=dns/txt; i=@op.net; t=1727883017; h=From:Subject:Date:To:MIME-Version:Content-Type; bh=THL9reHXEKmbylWIY26bn9V8t9k=; b=DaJ2TvR79IkNxQJWhNqSNUekl+NBF8ZPMgdcEY4l/iU/Skg5Un8ffHTe6PHxpVnF 4uGTN8OlLpWahXI5zdVSSwGpmLYfuuIKWOuDc+Rman/hQxUgu1ews/rjg9WR98IT lnSb2t6sZMD5Dq33klBzHY690TWNr9JmvAA5M5c0DeBgLS0IqAnG0oxmOPobExlE joeuM4x0c9rhReKKiDkcwYCc95qJ1yxxF6T6vm33ZZlrJhCBJ14YyZEPjE26CLuf YenzQmAIOvAd32yWo/lrYvRD0ebuNo7apJlUXXcevTTxxkkOckt39Wi8sz7bCGP+ RCtsCX87urpXK+JnV91Uow==;
Reply-to: jeffv <jeffv@op.net>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
User-agent: Mozilla Thunderbird

Critical Zimbra RCE flaw exploited to backdoor servers using emails

https://www.bleepingcomputer.com/news/security/critical-zimbra-rce-flaw-exploited-to-backdoor-servers-using-emails/

The Zimbra remote code execution flaw is tracked as CVE-2024-45519 andexists in Zimbra's postjournal service, which is used to parse incomingemails over SMTP. Attackers can exploit the vulnerability by sendingspecially crafted emails with commands to execute in the CC field, whichare then executed when the postjournal service processes the email.

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Prev by Date: Re: [PLUG] Why Don't These Links Work Anymore?
Next by Date: Re: [PLUG] [plug-announce] Wed Oct 2 - PLUG Central - "General Discussion" (7pm online)
Previous by thread: Re: [PLUG] [plug-announce] Wed Oct 2 - PLUG Central - "General Discussion" (7pm online)
Next by thread: Re: [PLUG] Reputable sources for reconditioned / refurbished laptops
Index(es):
- Date
- Thread