This Metasploit module creates a .tar file that can be emailed to a Zimbra server to exploit CVE-2022-41352. If successful, it plants a JSP-based backdoor in the public web directory, then executes that backdoor. The core vulnerability is a path-traversal issue in the cpio command-line utility that can extract an arbitrary file to an arbitrary location on a Linux system (CVE-2015-1197). Most Linux distros have chosen not to fix it. This issue is exploitable on Red Hat-based systems (and other hosts without pax installed) running versions Zimbra Collaboration Suite 9.0.0 Patch 26 and below and Zimbra Collaboration Suite 8.8.15 Patch 33 and below.
Support the originator by clicking the read the rest link below.
