VYPR
Unrated severityNVD Advisory· Published Aug 16, 2022· Updated Sep 17, 2024

Zimbra zmslapd arbitrary module load

CVE-2022-37393

Description

Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Zimbra/Zimbrallm-fuzzy
  • Synacor/Zimbra Serverv5
    Range: 9.0.0.p27

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.