Search found 4 matches

by Eritea
Fri May 03, 2019 11:07 am
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 239
Views: 138547

Re: CVE-2019-9670 being actively exploited

Well I got it running. I'll tell you what I did and it worked for me. First I followed all the steps at the Lorenzo's Blog. I've installed a new ZIMBRA with exactly the same version and the same patch. Then I ran the Lorenzo's command to check the debsum: dpkg -l zimbra* | grep ^ii | awk '{print $2}...
by Eritea
Fri May 03, 2019 9:22 am
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 239
Views: 138547

Re: CVE-2019-9670 being actively exploited

Eritea, I think you're confusing things. Your contents on /tmp and that process seem normal. The script that the wget command in cron downloads shows what is done. It's posted a page back, go look at it. And, clean your crontab. And what files have a mismatched hash? Can you post it? Here you are: ...
by Eritea
Thu May 02, 2019 3:57 pm
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 239
Views: 138547

Re: CVE-2019-9670 being actively exploited

Hello, We've noticed we were affected this morning. But I think we were affected by a new kind of malware (I think). We found this lines a te crontab for the zimbra user: root@mail:/var/spool/cron/crontabs# cat zimbra # DO NOT EDIT THIS FILE - edit the master and reinstall. # (- installed on Thu May...
by Eritea
Thu May 02, 2019 7:07 am
Forum: Administrators
Topic: Zimbra hacked??
Replies: 1
Views: 376

Zimbra hacked??

Good morning, This is what we've found at the crontab: root@mail:/var/spool/cron/crontabs# cat zimbra # DO NOT EDIT THIS FILE - edit the master and reinstall. # (- installed on Thu May 2 08:55:34 2019) # (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $) * * * * * wget -q -O - h...

Go to advanced search