

Security Advisory Report: CVE-2020-7796

Stay secure, and audit your Zimbra servers today.

Affected versions

The vulnerability impacts Zimbra Collaboration Suite versions prior to 8.8.15 Patch 7.

Vulnerability details

The specific flaw is a buffer overflow vulnerability. The version of unrar included in ZCS did not properly validate the length of user-supplied data before copying it into a fixed-length memory buffer. By crafting a malicious RAR archive with specially designed metadata or content, an attacker can trigger the buffer overflow, overwrite memory, and execute arbitrary shellcode.

Remediation and Mitigation

Upgrade affected installations to Zimbra Collaboration Suite 8.8.15 Patch 7 or later, the first version not listed as affected above.

CVE-2020-7796

The post-mortem revealed that CVE-2020-7796 wasn't just an SSRF. It was a master key. Combined with the default Zimbra architecture (Admin on 7071, Mailbox on 8080, ProxyServlet on 80/443), an unauthenticated remote attacker could chain it into full RCE in 8 HTTP requests.

Conclusion

The impact of this vulnerability is severe and multifaceted: it was a master key.