Search found 32 matches

by yeeP6rai
Fri Apr 12, 2019 7:51 pm
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 241
Views: 180857

Re: CVE-2019-9670 being actively exploited

rpm -qa zimbra* | xargs rpm -qV - | egrep -E '^.{2}5' l some correction rpm -qa "zimbra*" | xargs rpm -qV - | egrep -E '^.{2}5' Output codes: S = File size changed M = File mode changed 5 = MD5 checksum changed L = Symlink changed U = Owner changed G = Group changed T = Modification time ...
by yeeP6rai
Tue Apr 09, 2019 8:46 pm
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 241
Views: 180857

Re: CVE-2019-9670 being actively exploited

maxxer wrote:
yeeP6rai wrote:Yes... Thanks

along with them I found also some .class files with the same basename of .java

I found too .class files)
by yeeP6rai
Tue Apr 09, 2019 6:06 pm
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 241
Views: 180857

Re: CVE-2019-9670 being actively exploited

You cab also search for recent files using find /opt/zimbra/jetty/ -name "*.jsp" -mtime -15 -ls Other than this users found malicious .java files . Additionally to the one above also this find should be run: find /opt/zimbra/jetty/ -name "*_jsp.java" -mtime -15 -ls Yes... Thanks...
by yeeP6rai
Tue Apr 09, 2019 9:35 am
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 241
Views: 180857

Re: CVE-2019-9670 being actively exploited

maxxer wrote:
yeeP6rai wrote:Is there way to know about new patches (via rss, maillist, zabbix web page monitor, etc) for specific zimbra version?

rss: https://blog.zimbra.com/

Thank you!
by yeeP6rai
Tue Apr 09, 2019 9:11 am
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 241
Views: 180857

Re: CVE-2019-9670 being actively exploited

Is there way to know about new patches (via rss, maillist, zabbix web page monitor, etc) for specific zimbra version?
Thanks
by yeeP6rai
Tue Apr 09, 2019 8:22 am
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 241
Views: 180857

Re: CVE-2019-9670 being actively exploited

I found on my server. And yes, it has /tmp/zmcat binary file and /tmp/l.sh and /tmp/s.sh shell files (for it content see blow) Zimbra version: 8.7.11_GA_3706 ps -aefH root 18242 1 0 мар23 ? 00:00:00 /opt/zimbra/libexec/zmmailboxdmgr start -Dfile.encoding=UTF-8 -server -Dhttps.protocols=TLSv1,TLSv1 z...
by yeeP6rai
Mon Mar 25, 2019 2:49 pm
Forum: Administrators
Topic: Unable to display mail causing 100% CPU utilization
Replies: 3
Views: 1364

Re: Unable to display mail causing 100% CPU utilization

I've this issue too. Zimbra version: Zimbra 8.7.11_GA_3706 (build 20181024020537) If need, I can forward message source. 2019-03-25 17:19:25.064:WARN:oejm.ThreadMonitor:Thread-39: org.eclipse.jetty.monitor.thread.ThreadMonitorException: Thread 'qtp2036958521-34263:https:https://mail.domain.ru/servic...
by yeeP6rai
Fri Oct 05, 2018 9:45 am
Forum: Administrators
Topic: domain aliases and rejecting false mail from addresses
Replies: 5
Views: 2008

Re: domain aliases and rejecting false mail from addresses

yeeP6rai wrote:I've this issue too on 8.7.11 GA.
For domain this instructions is working, but for domain alias is not.
Is there solutions?
Thanks

Any solutions?
by yeeP6rai
Wed Feb 21, 2018 10:40 am
Forum: Administrators
Topic: Zimbra Auto Provision only run in the first time
Replies: 6
Views: 2664

Re: Zimbra Auto Provision only run in the first time

Hello, I'm also running through this issue. [zimbra@srv-lnxvmx1 ~]$ zmcontrol -v Release 8.7.11_GA_1854.RHEL7_64_20170531151956 RHEL7_64 FOSS edition. EAGER mode. Try recreate your test user in LDAP and wait for zimbraAutoProvPollingInterval. Some time ago, i'm also was discover this issue, and as ...
by yeeP6rai
Wed Feb 21, 2018 10:29 am
Forum: Administrators
Topic: auto decline of calendars not working
Replies: 2
Views: 1023

Re: auto decline of calendars not working

I've this issue too. My settings (COS is "default"): [zimbra@zimbra ~]$ zmprov gc default zimbraCalendarResourceDoubleBookingAllowed # name default zimbraCalendarResourceDoubleBookingAllowed: FALSE [zimbra@zimbra ~]$ zmprov gcr resource_name@domain.com zimbraCalendarResourceDoubleBookingAl...

Go to advanced search