Mitigate CVE-2022-27925 on Nginx

Mitigate CVE-2022-27925 on Nginx


   KB 24469        Last updated on 2022-08-23  




0.00
(0 votes)

Problem

ZCS versions before 8.8.15 Patch 31 and 9.0.0 Patch 24 are vulnerable to "CVE-2022-27925".


Accessing the following URL returns "500 Server Error", however the request succeeds on un-patched systems.

curl https://mail.example.com/service/extension/backup/mboximport

<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<title>Error 500 Server Error</title>
</head>
<body><h2>HTTP ERROR 500</h2>
<p>Problem accessing /service/extension/backup/mboximport. Reason:
<pre>Server Error</pre></p>
</body>
</html>


Solution

To mitigate this, Nginx templates on proxy servers have to modified.


1) Take a backup of current templates directory "/opt/zimbra/conf/nginx/templates".

sudo cp -pvr /opt/zimbra/conf/nginx/templates /opt/zimbra/conf/nginx/templates.`date +%Y%m%d%H%M%S`.bak 


2) Modify the admin templates by adding the following location block just before the end of the server block.

Admin template files:

/opt/zimbra/conf/nginx/templates/nginx.conf.web.admin.default.template
/opt/zimbra/conf/nginx/templates/nginx.conf.web.admin.template
-------------------
    location ^~ /service/extension/backup/mboximport
    {
        return 404;
    }
-------------------


The following screenshots show the entries before and after modification.

Default entry before modification:
CVE-2022-27925 image1.PNG
After modification:
CVE-2022-27925 image2.PNG


3) Now modify the HTTP and HTTPS templates and add the same new location block at the end before the last "include" line.

HTTP and HTTPS template files:

/opt/zimbra/conf/nginx/templates/nginx.conf.web.http.default.template
/opt/zimbra/conf/nginx/templates/nginx.conf.web.http.template
/opt/zimbra/conf/nginx/templates/nginx.conf.web.https.default.template
/opt/zimbra/conf/nginx/templates/nginx.conf.web.https.template


Default entry before modification:
CVE-2022-27925 image3.PNG
After modification:
CVE-2022-27925 image4.PNG


4) Restart Proxy and Memcache services.

su - zimbra
zmproxyctl restart
zmmemcachedctl restart 


5) After applying these changes, requests for mboximport returns a 404 Error.

curl https://mail.example.com/service/extension/backup/mboximport

<html>
<head> <title>404 Not Found</title> </head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>


Submitted by: Heera Singh Koranga
Verified Against: Date Created:
Article ID: https://wiki.zimbra.com/index.php?title=Mitigate_CVE-2022-27925_on_Nginx Date Modified: 2022-08-23



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »


Jump to: navigation, search