CVE-2024-27442

Name of the Vulnerable Software and Affected Versions Zimbra Collaboration (ZCS) versions 9.0 through 10.0

Description An issue was discovered in the zmmailboxdmgr binary, a component of Zimbra Collaboration (ZCS), which is intended to be executed by the zimbra user with root privileges for specific mailbox operations. However, an attacker can escalate privileges from the zimbra user to root because of improper handling of input arguments. This allows an attacker to execute arbitrary commands with elevated privileges, leading to local privilege escalation.

Recommendations For Zimbra Collaboration (ZCS) versions 9.0 through 10.0, consider restricting the execution of the zmmailboxdmgr binary to prevent privilege escalation until a patch is available. As a temporary workaround, ensure that the zimbra user's privileges are closely monitored and limited to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.