Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the ‘zimbra’ user can effectively coerce postfix into running arbitrary commands as ‘root’.
[
{
"vendor": "Synacor",
"product": "Zimbra Collaboration Suite (ZCS)",
"versions": [
{
"version": "9.0.0",
"status": "affected",
"lessThanOrEqual": "9.0.0",
"versionType": "custom"
}
]
}
]