rbowes-r7 (23)
Last Login: July 29, 2022
rbowes-r7's Latest (5) Contributions
Technical Analysis
While we focused on Zimbra in our analysis, there are almost certainly other targets for this vulnerability that we are not aware of yet.
Exploiting this against Zimbra is really bad – it can be done fairly quietly and it doesn’t require direct access to the server, and can easily lead to root access to the server hosting users’ email. This is super urgent to patch on Zimbra!
Technical Analysis
CVE-2022-22954 came out at nearly the same time, is easier to exploit, and grants access to the underlying OS rather than the web interface. I think that’s going to be the issue that ends up mattering, and this will be overshadowed.
The biggest problem is that this requires an Internet-facing SSL server, so attacks can’t easily be automated.
Technical Analysis
The patch was difficult to analyze, due to the sheer amount of code and changes. But once Horizon3 released a PoC, tracking down the root cause and analyzing what’s going on was much easier. Cheers!
Technical Analysis
Super underwhelming, IMO – requires a confluence of bad configuration. Microsoft’s claims that they see vulnerable configurations in the wild are dubious – it takes some effort to make yourself vulnerable (I just used sudo to run as the networkd user, but that’s cheating). Definitely not a name-worthy vulnerability!
Technical Analysis
With publicly available information, this was super trivial to exploit! In the Rapid7 analysis, I chained it together with what I thought was CVE-2022-22960 (I’m not sure it was anymore) to go from unauthenticated HTTPS access to root very easily.