14 DAY TRIAL // Security researchers from Vulnerability Lab have identified a number of web vulnerabilities in Zimbra Collaboration Server, the popular open source email, calendar and collaboration server designed for enterprises.
The affected products are Zimbra Network Edition and Zimbra Open Source Edition v7.2 and 7.2 GA.
The proof-of-concept will be published only after the vulnerabilities are resolved, but in the meantime, let’s take a look at the dangers they present to users.
“The bugs allow remote attackers to implement/inject malicious script code on the application side (persistent). Successful exploitation of the vulnerability can lead to session hijacking (manager/admin) or stable (persistent) context manipulation. Exploitation requires low user inter action& privileged application user account,” the experts explained.
The first security hole can allow an attacker to inject malicious code in the favorite address field. This issue, caused by the bound Ajax exception handling in the favorite list, can result in persistent code execution and affects the database management system via an “exception-handling out of the invalid address error.”
Another vulnerability has been found in the alarm function of the tasks - settings for notifications section. In this case, the attacker could initiate an event with malicious code inside the date input fields.
All the event or task viewers will be affected by the persistent code execution.
The third flaw is also persistent and it’s found in the Contact Address field of the address book. This bug could permit attackers to add new users with the aid of malicious scripts.
The CVS contact import and export module also contains a persistent vulnerability that can be leveraged with the use of specially crafted .cvs files. Once the malicious file is imported, the script is executed in the application’s context.
Zimbra is owned by VMWare, so the security experts contacted both companies and according to Benjamin Kunz Mejri, the CEO and founder of Vulnerability Lab, they promised to address the issues with the launch of the next update.