7-1-09 security patch

bonadio
Advanced member
Posts: 85
Joined: Fri Sep 12, 2014 11:11 pm

Postby bonadio » Thu Jul 02, 2009 12:29 pm

Hello,
I received an email yesterday, supposedly coming from Zimbra, saying that all versions have a critical bug and asking to upgrade some software. The email looks very real, but the link to the download file is outside of Zimbra and looks very suspicious.
I am attaching the message that I received as a PDF.
The header follows:
Received: from mx01.vm10.com.br (10.14.78.189) by w01.viewit.local
 (10.14.78.130) with Microsoft SMTP Server id 8.1.375.2; Wed, 1 Jul 2009
 21:28:44 -0300
Received: from email1.atl.loopfuse.net (email1.atl.loopfuse.net [64.94.11.25])
 by mx01-int.vm10.com.br (Postfix) with ESMTP id CF77CD9B9C for
 ; Wed, 1 Jul 2009 21:47:53 -0300 (BRT)
Received: from proc1.atl.loopfuse.net (64.94.11.21) by email1.atl.loopfuse.net
 (PowerMTA(TM) v3.5r11) id h9fvsk0pb50n for ;
 Wed, 1 Jul 2009 20:30:02 -0400 (envelope-from )
From: Zimbra Support
Reply-To: support@zimbra.com
To: cesar.bonadio@viewit.com.br
Message-ID:
Subject: Zimbra Security Vulnerability Report
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="----=_Part_162736_520781612.1246494602459"
LF_CID: LF_fe2186a1
LF_VID: 4a1c8e87-b8b0-4ff2-be97-f441a0d7f083
LF_KID: 28
LF_EMAIL: cesar.bonadio@viewit.com.br
Date: Wed, 1 Jul 2009 21:47:53 -0300
Return-Path: bounce-notify@zimbra.com

Zimbra Security Vulnerability Report.pdf
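
Added example, not part of the original post: a Python sketch of triaging the header above by finding the hop where the message entered the recipient's own mail servers and comparing that sending host with the domain claimed in Return-Path and Reply-To. The names `triage`, `in_domain` and `TRUSTED`, and the choice of which host suffixes count as the recipient's infrastructure, are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers transcribed from the post above (refolded). Address fields that the
# forum software stripped are left empty rather than guessed.
RAW = """\
Received: from mx01.vm10.com.br (10.14.78.189) by w01.viewit.local
 (10.14.78.130) with Microsoft SMTP Server id 8.1.375.2; Wed, 1 Jul 2009
 21:28:44 -0300
Received: from email1.atl.loopfuse.net (email1.atl.loopfuse.net [64.94.11.25])
 by mx01-int.vm10.com.br (Postfix) with ESMTP id CF77CD9B9C for
 ; Wed, 1 Jul 2009 21:47:53 -0300 (BRT)
Received: from proc1.atl.loopfuse.net (64.94.11.21) by email1.atl.loopfuse.net
 (PowerMTA(TM) v3.5r11) id h9fvsk0pb50n for ;
 Wed, 1 Jul 2009 20:30:02 -0400 (envelope-from )
From: Zimbra Support
Reply-To: support@zimbra.com
Return-Path: bounce-notify@zimbra.com
"""

# Assumption: these suffixes are the recipient's own mail infrastructure.
TRUSTED = ("viewit.local", "vm10.com.br")

def in_domain(host, suffixes):
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

def triage(raw, trusted=TRUSTED):
    """Compare the host that handed mail to trusted servers with claimed domains."""
    msg = message_from_string(raw)
    host = ip = None
    for hop in msg.get_all("Received", []):  # newest hop first
        frm = re.match(r"\s*from\s+(\S+)", hop)
        by = re.search(r"\bby\s+(\S+)", hop)
        if frm and by and in_domain(by.group(1), trusted) \
                and not in_domain(frm.group(1), trusted):
            host = frm.group(1).lower()
            m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hop)
            ip = m.group(1) if m else None
            break  # hops below this one were written by the sending side
    claimed = set()
    for name in ("Return-Path", "Reply-To"):
        addr = parseaddr(msg.get(name, ""))[1]
        if "@" in addr:
            claimed.add(addr.rpartition("@")[2].lower())
    aligned = bool(host) and in_domain(host, tuple(claimed))
    return {"boundary_host": host, "boundary_ip": ip,
            "claimed_domains": sorted(claimed), "aligned": aligned}
```

For this message the boundary host is under loopfuse.net while the claimed domain is zimbra.com, so `aligned` is false. That marks a message relayed by a third-party sender, which is a reason to confirm through another channel, as this thread did, rather than a verdict on its own.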



phoenix
Ambassador
Posts: 26714
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Postby phoenix » Thu Jul 02, 2009 12:36 pm

This is a genuine email from Zimbra, and apologies for the confusing link. Your post has been moderated until a formal announcement is made on the forums.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
jholder
Zimbra Employee
Posts: 4686
Joined: Fri Sep 12, 2014 10:00 pm

Postby jholder » Thu Jul 02, 2009 12:36 pm

This is a legitimate email, and due to the severity of the issue, we have not publicly announced it. We will do so later today.
We notified NE customers via email to provide a 24-hour update window before the information is released to the public.
Therefore, I have to hide this thread until we announce.
Thanks,

john
8243Hubert
Posts: 13
Joined: Sat Sep 13, 2014 12:31 am

Postby 8243Hubert » Thu Jul 02, 2009 9:29 pm

[quote user="greenrenault"]I received a Zimbra Security Vulnerability Report email today. Is this a hoax or for real? There is no mention of it in the forum announcements.
If real, will this precipitate a new Zimbra release? I really hate 'patching' a system.
Thanks![/QUOTE]
I would highly recommend patching ASAP rather than waiting for the next release (I discovered the vulnerability).
You just have to replace 2 JAR files and do zmmailboxdctl stop/start (not necessary to restart all services if your version has zmmailboxdctl).
L. Mark Stone
Elite member
Posts: 2200
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine, US
ZCS/ZD Version: 8.8.15 Network Edition

Postby L. Mark Stone » Fri Jul 03, 2009 9:38 am

[quote user="8243Hubert"]I would highly recommend patching ASAP rather than waiting for the next release (I discovered the vulnerability).
You just have to replace 2 JAR files and do zmmailboxdctl stop/start (not necessary to restart all services if your version has zmmailboxdctl).[/QUOTE]
Hubert,
As a Premiere Zimbra Hosting provider and erstwhile Forum Moderator I just want to say a very sincere and hearty "thank you!" publicly to you for discovering this, and for the very professional manner in which you and everyone else pursued a speedy and easy-to-implement solution.
It is very, very much appreciated!
Thanks again,

Mark
P.S. Has Zimbra offered you a job yet? (Only half joking here...)
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
Zeta Alliance http://www.zetalliance.org/
andrewfn
Posts: 17
Joined: Fri Sep 12, 2014 11:37 pm

Postby andrewfn » Fri Jul 03, 2009 9:46 am

Thanks for the speedy patch. Unfortunately there is a line missing from the instructions. You need to:

mkdir /opt/zimbra/save-07012009


or the mv will fail
chauvetp
Outstanding Member
Posts: 350
Joined: Fri Sep 12, 2014 11:28 pm

Postby chauvetp » Fri Jul 03, 2009 10:18 am

When was this e-mail notice sent? I am only seeing this on the forum and I (as a NE user) cannot find any record of receiving this notice.
uxbod
Ambassador
Posts: 7811
Joined: Fri Sep 12, 2014 10:21 pm

Postby uxbod » Fri Jul 03, 2009 10:25 am

I would check with your account manager :)
su_A_ve
Advanced member
Posts: 173
Joined: Fri Sep 12, 2014 10:22 pm

Postby su_A_ve » Sun Jul 05, 2009 12:09 pm

[quote user="andrewfn"]Thanks for the speedy patch. Unfortunately there is a line missing from the instructions. You need to:

mkdir /opt/zimbra/save-07012009


or the mv will fail[/QUOTE]
Yup - beat me to it...
Even on the announcement, it's missing...
