Zimbra AJAX Webmail not loading

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
sibercintra
Posts: 3
Joined: Wed May 11, 2016 8:23 pm

Re: Zimbra AJAX Webmail not loading

Postby sibercintra » Mon May 27, 2019 12:33 pm

Same problem here on our server. we take the following actions: we change the permissions according to ab_zimbra, we remove the lines in the contrab that call zmswatch and we block the address in the firewall http://93.113.108.146:443/cr.sh.
The environment is stable but we still can not resolve the problems with the attachments.
But the question that does not want to be silent is how to correct the vunerability so that another attack does not occur.


phoenix
Ambassador
Ambassador
Posts: 26446
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Zimbra AJAX Webmail not loading

Postby phoenix » Mon May 27, 2019 12:41 pm

sibercintra wrote:But the question that does not want to be silent is how to correct the vunerability so that another attack does not occur.
If you look in the forums you'll find out how to clean this hack from your server, you should then make sure your server is patched and at the most recent released version.
Regards

Bill

Rspamd: A high performance spamassassin replacement

If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168
Klug
Elite member
Elite member
Posts: 2359
Joined: Mon Dec 16, 2013 11:35 am
Contact:

Re: Zimbra AJAX Webmail not loading

Postby Klug » Mon May 27, 2019 12:41 pm

The patch to avoid this have been available for more than a month now.
sibercintra
Posts: 3
Joined: Wed May 11, 2016 8:23 pm

Re: Zimbra AJAX Webmail not loading

Postby sibercintra » Mon May 27, 2019 12:50 pm

AR84 wrote:Hey guys, dont forget to also check your Email Accounts, in our case there was some users with Administrator privilidge that have been added.
They added the accounts such as
no-replayz@....
no-rreplay@....
zmbr@....

Make sure you delete all accounts that are not from you.



here the user wrcm @
yvespires
Posts: 20
Joined: Tue Jan 03, 2017 1:15 pm

Re: Zimbra AJAX Webmail not loading

Postby yvespires » Mon May 27, 2019 1:25 pm

phoenix
Ambassador
Ambassador
Posts: 26446
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Zimbra AJAX Webmail not loading

Postby phoenix » Mon May 27, 2019 1:30 pm

yvespires wrote:Is this patch cumulative?
Does the search function of these forums not work any longer, is it not possible to read the product documentation or the Release Notes? If you had done any of those thing you'd know that patches in Zimbra are cumulative!!!
Regards

Bill

Rspamd: A high performance spamassassin replacement

If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168
AB_Zimbra
Posts: 4
Joined: Sat May 25, 2019 12:52 pm

Re: Zimbra AJAX Webmail not loading

Postby AB_Zimbra » Mon May 27, 2019 2:33 pm

sibercintra wrote:Same problem here on our server. we take the following actions: we change the permissions according to ab_zimbra, we remove the lines in the contrab that call zmswatch and we block the address in the firewall http://93.113.108.146:443/cr.sh.
The environment is stable but we still can not resolve the problems with the attachments.
But the question that does not want to be silent is how to correct the vunerability so that another attack does not occur.


The upload/attachment problem has to do with the same issue. You can resolve by executing (as root):
chmod 755 /opt/zimbra/data/tmp/upload

For information on mitigate and clean-up the hack, please refer to,
https://forums.zimbra.org/viewtopic.php?t=65932
https://lorenzo.mile.si/zimbra-cve-2019-9670-being-actively-exploited-how-to-clean-the-zmcat-infection/961/
Zulianto
Posts: 2
Joined: Wed Feb 07, 2018 2:28 am

Re: Zimbra AJAX Webmail not loading

Postby Zulianto » Mon May 27, 2019 4:11 pm

AB_Zimbra wrote:We had exactly the same issue. And I saw that the files had the wrong permissions (executable instead of writeable).

Version: 8.7.11_GA_3800.NETWORK

I did the following (as root);
cd /opt/zimbra/mailboxd
find webapps -type d -exec chmod 0755 {} \;
find webapps -type f -exec chmod 0644 {} \;

Then restart Zimbra;
su - zimbra
zmcontrol restart

After that, everything working fine again and no such messages in the logs anymore.



My Zimbra Version: 8.6.0_GA_1194.NETWORK
It Working for me.. Thanks AB_Zimbra
dhayes
Posts: 18
Joined: Sat Sep 13, 2014 12:26 am

Re: Zimbra AJAX Webmail not loading

Postby dhayes » Mon May 27, 2019 6:07 pm

Hello All...Does this vulnerability affect 8.7.9 network ?

Thanks
Dave
Last edited by dhayes on Mon May 27, 2019 10:56 pm, edited 3 times in total.
koval1986
Posts: 5
Joined: Mon May 27, 2019 5:30 am

Re: Zimbra AJAX Webmail not loading

Postby koval1986 » Mon May 27, 2019 7:35 pm

Someone got rid of the emerging process .kthrotlds 400% proc
I am not very good specialist in Linux. Сan you explain step by step what i should do
8.7.7_GA_1787.FOSS :cry: :cry: :cry:

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 7 guests