7-1-09 security patch

2423bradb21
Advanced member
Posts: 185
Joined: Fri Sep 12, 2014 10:43 pm

7-1-09 security patch

Postby 2423bradb21 » Wed Jul 01, 2009 8:34 pm

I was just thinking the same thing. I logged onto my support account with Zimbra expecting to see something in there, but didn't. I started wondering the same thing, wondering if I really wanted to apply that code to my server.
Zimbra is this for real?


2423bradb21
Advanced member
Posts: 185
Joined: Fri Sep 12, 2014 10:43 pm

7-1-09 security patch

Postby 2423bradb21 » Wed Jul 01, 2009 8:38 pm

ok, that's what I was thinking as well. I figured you might not want to make it public. It's just that alarms started ringing when none of the URLs went back to Zimbra. Just being cautious. Thanks!
UMDjwain
Posts: 44
Joined: Fri Sep 12, 2014 11:53 pm

7-1-09 security patch

Postby UMDjwain » Wed Jul 01, 2009 8:45 pm

In case anybody was waiting for some reports on this, we've applied it to our systems successfully: 5.0.16 on RHEL5-64.
Thanks to all involved for getting the word out and making the patch easy to apply!
greenrenault
Advanced member
Posts: 180
Joined: Fri Sep 12, 2014 10:13 pm

7-1-09 security patch

Postby greenrenault » Wed Jul 01, 2009 10:13 pm

I received a Zimbra Security Vulnerability Report email today. Is this a hoax or for real? There is no mention of it in the forum announcements.
If real, will this precipitate a new Zimbra release? I really hate 'patching' a system.
Thanks!
kirme3
Advanced member
Posts: 179
Joined: Fri Sep 12, 2014 10:09 pm

7-1-09 security patch

Postby kirme3 » Wed Jul 01, 2009 10:21 pm

Information about the vulnerability can be found in the support portal, so I would say it's safe to say it's real.
mmorse
Ambassador
Posts: 6036
Joined: Fri Sep 12, 2014 10:24 pm

7-1-09 security patch

Postby mmorse » Wed Jul 01, 2009 10:25 pm

Valid & available in the portal https://support.zimbra.com
We apologize for the link URLs in the notice emails being obscured through loopfuse / not pointing directly to files.zimbra or h.yimg and causing concerns over its legitimacy.
cdenley
Posts: 47
Joined: Fri Sep 12, 2014 11:34 pm

7-1-09 security patch

Postby cdenley » Thu Jul 02, 2009 8:39 am

We use ZCS Network Pro. We received a security notice last night from Zimbra advising us to install a patch. I verified the md5 checksum provided in the e-mail. However, the link to the update was directed to the server "loopfuse.net". After inspecting the headers, I saw the e-mail came from this domain as well. Only after looking further in the message source did I notice that the text version of the same e-mail actually provides direct links to the same patch hosted on "zimbra.com".
If Zimbra expects administrators to replace important system files linked to through a third party in an e-mail, doesn't that leave them vulnerable to social engineering? If I had a copy of that same file, except one that creates vulnerabilities instead of fixing them, I could send a similar e-mail to Zimbra admins using a domain which sounds like it could be a marketing partner, tricking them into making their system wide open for attack.
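The two checks cdenley describes above (seeing where the links in each MIME part of the notice actually point, and verifying the quoted checksum against the downloaded file) can be scripted. The following is an added example, not code from this thread, from Zimbra, or from any Zimbra tool. It parses a constructed sample notice; the vendor host allowlist, the hostnames, the placeholder patch bytes and the checksum are all assumptions made up for the illustration.

```python
"""Inspect a vendor security-notice e-mail before trusting its download links.

Added example (not Zimbra's code). It lists the hostnames each MIME part links
to, flags hosts outside a vendor allowlist, and checks a downloaded file's
checksum against the value quoted in the notice's text/plain part.
"""
from __future__ import annotations

import hashlib
import re
from email import message_from_bytes
from urllib.parse import urlparse

# Hosts the vendor is expected to serve patches from. Assumed for this example;
# in practice take them from the vendor's published channels, never from the
# notice you are trying to validate.
VENDOR_HOSTS = {"zimbra.com", "files.zimbra.com", "support.zimbra.com"}

URL_RE = re.compile(r"https?://[^\s<>\"']+")
MD5_RE = re.compile(r"\bMD5:\s*([0-9a-fA-F]{32})\b")

# Constructed sample: the text part links straight to the vendor host, the HTML
# part routes through a third-party tracking domain, as described in the thread.
SAMPLE_PATCH = b"#!/bin/sh\necho 'placeholder patch payload'\n"
SAMPLE_MD5 = hashlib.md5(SAMPLE_PATCH).hexdigest()
SAMPLE_NOTICE = (
    "From: security@zimbra.com\r\n"
    "To: admin@example.com\r\n"
    "Subject: Zimbra Security Vulnerability Report\r\n"
    "MIME-Version: 1.0\r\n"
    'Content-Type: multipart/alternative; boundary="b1"\r\n'
    "\r\n"
    "--b1\r\n"
    "Content-Type: text/plain; charset=us-ascii\r\n"
    "\r\n"
    "Download: http://files.zimbra.com/patches/placeholder-patch.sh\r\n"
    f"MD5: {SAMPLE_MD5}\r\n"
    "--b1\r\n"
    "Content-Type: text/html; charset=us-ascii\r\n"
    "\r\n"
    '<p>Download: <a href="http://loopfuse.net/track?id=123">patch</a></p>\r\n'
    "--b1--\r\n"
).encode("ascii")


def text_parts(raw: bytes) -> list[tuple[str, str]]:
    """Return (content-type, decoded body) for every text/* part of the message."""
    msg = message_from_bytes(raw)
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip the multipart container and any binary attachments
        payload = part.get_payload(decode=True) or b""
        body = payload.decode(part.get_content_charset() or "utf-8", "replace")
        parts.append((part.get_content_type(), body))
    return parts


def links_by_part(raw: bytes) -> dict[str, list[str]]:
    """Map each text part's content type to the URLs found in its body."""
    found: dict[str, list[str]] = {}
    for ctype, body in text_parts(raw):
        found.setdefault(ctype, []).extend(URL_RE.findall(body))
    return found


def host_of(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def is_vendor_host(host: str) -> bool:
    """Exact match or subdomain of an allowlisted host; rejects look-alikes
    such as zimbra.com.evil.example, which merely start with the vendor name."""
    return any(host == h or host.endswith("." + h) for h in VENDOR_HOSTS)


def offsite_links(raw: bytes) -> dict[str, list[str]]:
    """Per part, the links whose host is not a vendor host."""
    return {ctype: [u for u in urls if not is_vendor_host(host_of(u))]
            for ctype, urls in links_by_part(raw).items()}


def quoted_md5(raw: bytes) -> str | None:
    """The MD5 quoted in the text/plain part, or None if absent."""
    for ctype, body in text_parts(raw):
        if ctype == "text/plain":
            m = MD5_RE.search(body)
            if m:
                return m.group(1).lower()
    return None


def checksum_matches(data: bytes, expected_hex: str, algo: str = "md5") -> bool:
    return hashlib.new(algo, data).hexdigest() == expected_hex.lower()


def assess(raw: bytes, downloaded: bytes) -> dict:
    """Summarise the notice: which off-vendor hosts it links to, whether every
    link is vendor-hosted, and whether the download matches the quoted checksum."""
    offsite = offsite_links(raw)
    expected = quoted_md5(raw)
    return {
        "offsite_hosts": sorted({host_of(u) for urls in offsite.values() for u in urls}),
        "all_links_vendor": not any(offsite.values()),
        "checksum_ok": expected is not None and checksum_matches(downloaded, expected),
    }


if __name__ == "__main__":
    print(assess(SAMPLE_NOTICE, SAMPLE_PATCH))
```

On the constructed notice the text part links to the vendor host while the HTML part points at the tracking domain, so `all_links_vendor` is false even though the checksum matches. That second result deserves the caveat the thread itself hints at: a checksum quoted in the same e-mail only shows the file is the one the sender meant, not that the sender is the vendor. Treat a match as necessary, not sufficient, and confirm the advisory through a channel you already trust (the vendor's support portal, as mmorse points out further down) before applying anything.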
klopfer
Posts: 18
Joined: Fri Sep 12, 2014 10:22 pm

7-1-09 security patch

Postby klopfer » Thu Jul 02, 2009 9:18 am

Last night I received an email from Zimbra about a security vulnerability in the mailbox server with a link to download a patch. I was going to apply the patch, but it doesn't download from the Zimbra site, which made me a bit concerned. I haven't seen anything about this in the forums, or the Zimbra site. Is there any more information about this?
Does it just affect NE, or the FOSS version as well? If it affects both, is there a FOSS patch somewhere?
klinet
Posts: 19
Joined: Fri Sep 12, 2014 10:38 pm

7-1-09 security patch

Postby klinet » Thu Jul 02, 2009 9:51 am

A few minutes ago there was a posting titled "Mailboxd security vulnerability?", that post is now gone. What's up with that? I have attached a picture of that post.
I did not receive this message but one of my end users did and has sent it to me. I have looked at the headers on the message and it looks like it was sent from loopfuse.net. Is this a scam? The message looks good but the source is questionable and the download links are also pointed at loopfuse.

Picture 8.jpg

phoenix
Ambassador
Posts: 26151
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

7-1-09 security patch

Postby phoenix » Thu Jul 02, 2009 9:57 am

This post has been moderated until a formal forum announcement is made about this issue.
Regards

Bill

Rspamd: A high performance spamassassin replacement

If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168
