Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Zimbra zmslapd arbitrary module load
Vulnerability Description
Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
Zimbra 安全漏洞
Vulnerability Description
Zimbra是美国Zimbra公司的一套开源的电子邮件协作平台。 Zimbra存在安全漏洞,该漏洞源于其sudo配置允许用户使用任意参数作为根用户执行zmslapd二进制文件。作为其预期功能的一部分,zmslapd可以加载用户定义的配置文件,其中包括so文件形式的插件,导致这些插件也作为根用户执行。
CVSS Information
N/A
Vulnerability Type
N/A