Arbitrary Code Execution Vulnerability Affects Stalwart Mail Server
CVE-2024-35187

9.1CRITICAL

Key Information:

Vendor: Stalwartlabs
Status: Mail-server
Vendor: CVE Published:; 16 May 2024

🔔 Create Stalwartlabs Vulnerability Alert

What is CVE-2024-35187?

The Stalwart Mail Server, an open-source email solution, has a vulnerability that allows attackers to achieve arbitrary code execution as the stalwart-mail user. This flaw poses a significant risk because once compromised, an attacker can elevate their privileges to gain complete root access to the system. Despite running as a separate user to limit access, the server can easily grant itself full permissions, undermining the intended isolation of system services. This results in a serious security lapse, especially for server administrators who have provided admin credentials without actually granting root access, exposing their systems to further exploitation. Affected versions have been addressed in version 0.8.0, which contains a patch to mitigate this critical issue.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

mail-server < 0.8.0

References

https://github.com/stalwartlabs/mail-server/security/advi...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 16, 2024
Vulnerability Reserved
May 10, 2024

JSON

Stalwartlabs

What is CVE-2024-35187?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.