Results 1 to 1 of 1

Thread: Security Vulnerability Alert

Threaded View

  1. #1
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    21

    Exclamation Security Vulnerability Alert

    ZCS Security Vulnerability Alert
    I. Description
    We have recently discovered a possible vulnerability with Zimbra's Tomcat install. To prevent any possible vulnerability on your system we recommend that you follow the steps below to remove the host-manager and manager webapps from the Zimbra Tomcat install.


    II. Impact
    A remote, unauthenticated attacker may be able to deploy arbitrary code with user level privileges on a vulnerable system.
    ZCS 4.0.0 and greater are affected.
    ZCS 4.5.5 will include the fix for this issue.

    III. Solution
    Check if you have the manager installed:
    ls /opt/zimbra/tomcat/server/webapps
    host-manager manager
    Move the server/webapps to a backup dir:
    mv /opt/zimbra/tomcat/server/webapps/ /opt/zimbra/tomcat/server/webapps_old
    Restart Tomcat:
    su - zimbra
    tomcat restart
    Network Edition Customers: If you have any questions or would like assistance please contact Zimbra Support via the Support Portal.

    Open Source Users:
    If you have any questions or comments, please confine them to this thread. You may also pvt me(jholder), KevinH, Phoenix or any of our moderators with any security related questions.

    Special Thanks
    To Léo Goehrs from Alionis.net for alerting us to this issue.


    Zimbra takes security very seriously. If you ever believe that you have a security issue with Zimbra, you should always report it to a Zimbra Employee, rather than posting it in the forums.

    Best,
    The Zimbra Forums Team
    Last edited by jholder; 04-21-2007 at 04:47 PM.

Similar Threads

  1. DelegateAuth in audit.log
    By Krishopper in forum Administrators
    Replies: 2
    Last Post: 05-17-2007, 06:08 AM
  2. 4.5.4: Security Update Available
    By jholder in forum Administrators
    Replies: 0
    Last Post: 04-26-2007, 10:40 PM
  3. High Performance, Security, Redundancy
    By gjhorne in forum Installation
    Replies: 1
    Last Post: 03-31-2007, 12:29 AM
  4. Zimbra Security Patches or Updates?
    By illscientific in forum Administrators
    Replies: 5
    Last Post: 10-19-2006, 02:32 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •