Search found 150 matches

by maxxer
Mon May 27, 2019 11:24 am
Forum: Administrators
Topic: certbot-zimbra v0.7 rewrite - call for testing
Replies: 0
Views: 314

certbot-zimbra v0.7 rewrite - call for testing

Hi all. Thanks to the collaboration of Jernej Jakob the script has been rewritten. We're calling people for testing this new rewrite before we publish it as a release. The new version is currently in a separate branch on GitHub. If you use this script and need to deploy a new cert, we kindly ask you...
by maxxer
Thu May 09, 2019 4:20 pm
Forum: Users
Topic: Images in Signatures
Replies: 3
Views: 1526

Re: Images in Signatures

Broken and not going to be fixed.

viewtopic.php?f=15&t=66125#p290205
by maxxer
Thu May 09, 2019 4:13 pm
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 248
Views: 201507

Re: CVE-2019-9670 being actively exploited

And if so, could you post your specific eradication steps please?

I did, but was in the early stage of infection. All I did is documented on my blog and here. I got a recurring infection on an 8.6 box, but after cleaning up malicious jsps and restarting zimbra I never got attacked again. Nowadays a...
by maxxer
Thu May 09, 2019 4:09 pm
Forum: Users
Topic: Images in Signatures
Replies: 3
Views: 1526

Re: Images in Signatures

steelbricks wrote: Is this occurring in 8.8 versions?


It seems to be a bonus of patched 8.6 only :/
by maxxer
Thu May 02, 2019 2:38 pm
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 248
Views: 201507

Re: CVE-2019-9670 being actively exploited

yellowhousejake wrote: I still thought it best to see if I should patch for this exploit but I am unable to determine if it is needed. When I go to the security page it does not list this CVE number under any patches for 8.8.9.

For the current Zimbra supported version, namely 8.8.x, you must update to the latest version.
by maxxer
Thu May 02, 2019 6:42 am
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 248
Views: 201507

Re: CVE-2019-9670 being actively exploited

halfgaar wrote: Maxxer, you may want to be more explicit in your blog post about changing the LDAP password

Done, thanks.
by maxxer
Mon Apr 29, 2019 7:47 am
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 248
Views: 201507

Re: CVE-2019-9670 being actively exploited

How many accounts do you have? There is an account export function, per account, that you could use perhaps. It would be relatively easy to write a bash script to do that for all accounts. Like this in a loop:

This is unreliable. See bgo#101760. Nowadays better use ZeXtras migration tool, it's free...
by maxxer
Sat Apr 27, 2019 1:12 pm
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 248
Views: 201507

Re: CVE-2019-9670 being actively exploited

Looked for jsp files and didn't find anything suspicious around. Is there a way to prevent linux from creating the zmcat file for example? so that it deletes it immediately?

Did you try the dpkg/rpm commands to check for modified files? To prevent zmcat creation create it yourself then chown root a...
by maxxer
Fri Apr 26, 2019 6:58 pm
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 248
Views: 201507

Re: CVE-2019-9670 being actively exploited

Has anyone with recurring infections checked if the attacker uploaded a key to /opt/zimbra/.ssh/authorized_keys? Or if there are remote ssh logins for the zimbra user?
by maxxer
Fri Apr 26, 2019 2:55 pm
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 248
Views: 201507

Re: CVE-2019-9670 being actively exploited

The infection is (obviously) starting to mutate: a user reported high CPU usage from the /opt/zimbra/log/zmswatch binary.
