At Sonar, we are studying real-world vulnerabilities to improve our code analyzers, and to help the open-source community to secure their projects. To uncover and understand complex vulnerabilities in high-profile applications, our researchers need to take the perspective of real-world attackers. By sharing our findings from this perspective, we also aim to provide useful insights and learnings to the community.

Zimbra is an enterprise-ready email solution used by over 200,000 businesses, government and financial institutions. Zimbra instances recently became a target of a 0-day attack campaign, likely conducted by a state actor who targeted European government and media instances. The fact that a 0-day vulnerability was used to steal emails from individual user accounts shows how valuable a compromised email account is to an attacker and how disastrous the impact of such vulnerabilities is on an organization. Classified documents could be stolen, passwords reset, and members of an organization impersonated to compromise more accounts.

In this blog post, we present how our research team approached Zimbra by taking on the perspective of an APT group. As a result, we discovered a 0-day vulnerability in the unrar utility, a 3rd party tool used in Zimbra. The vulnerability ultimately allows a remote attacker to execute arbitrary code on a vulnerable Zimbra instance without requiring any prior authentication or knowledge about it.

In this section we go into detail about which versions of unrar are affected.