This forum is being actively monitored by CVE-2019-9670 exploiters

gabrieles
Advanced member
Posts: 125
Joined: Tue Feb 14, 2017 9:40 am

Postby gabrieles » Tue May 28, 2019 10:36 am

It's clear that this forum is being monitored by exploiters and used to modify the attack vector accordingly.

One of the steps of the attack is to modify the date of the files
/opt/zimbra/mailboxd/webapps/zimbra/js/zimbra/csfe/XZimbra.jsp
/opt/zimbra/mailboxd/webapps/zimbra/public/Ajax.jsp
/opt/zimbra/mailboxd/webapps/service/error/attachment_blocked.jsp
/opt/zimbra/mailboxd/webapps/zimbraAdmin/public/jsp/Debug.jsp

to December 2014, to hide that a line of code has been added to these files.

This is a direct and clear response to the
find /opt/zimbra/jetty/ -type f -name '*jsp' -mtime -60

We must switch to a more secure way to share this information.
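
The `-mtime` test in the command above relies on a timestamp that anyone able to write the file can also set. As an added example (not part of the original post, and not Zimbra tooling), the function below lists JSP files whose inode change time is recent while their modification time claims to be old; the function name and the 60-day default are assumptions, and it requires GNU `find` and `stat`.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Assumes Linux with GNU find and stat.
# touch(1)/utimes(2) can set mtime to any date, but the kernel stamps ctime on
# every content or metadata change and it cannot be set that way. A JSP whose
# ctime is recent while its mtime claims to be old is a back-dating candidate.
# Package upgrades, restores and chmod/chown give the same pattern, so each
# hit is a lead to compare against a known-good copy, not a verdict.

# find_backdated_jsp DIR [DAYS]   (hypothetical name; DAYS defaults to 60)
# Prints: mtime_date<TAB>ctime_date<TAB>gap_days<TAB>path
find_backdated_jsp() {
    local dir="$1" days="${2:-60}" now
    now=$(date +%s)
    find "$dir" -type f -name '*.jsp' \
        -exec stat -c '%Y|%Z|%y|%z|%n' {} + 2>/dev/null |
    awk -F'|' -v now="$now" -v window="$((days * 86400))" '
        {
            mtime = $1; ctime = $2
            # Keep only: inode changed inside the window, mtime outside it.
            if (now - ctime > window || now - mtime <= window) next
            path = $5
            for (i = 6; i <= NF; i++) path = path "|" $i   # path held a "|"
            printf "%s\t%s\t%d\t%s\n", substr($3, 1, 10), substr($4, 1, 10),
                   int((ctime - mtime) / 86400), path
        }'
}

# Constructed demo: one back-dated file and one untouched recent file.
demo=$(mktemp -d)
touch "$demo/fresh.jsp"
touch -t 201412011200 "$demo/Ajax.jsp"   # mtime forced to Dec 2014, ctime is now
find_backdated_jsp "$demo" 60            # lists Ajax.jsp only
rm -rf "$demo"
```

On a real host the first argument would be the web application tree, for example the `/opt/zimbra/jetty/` directory used in the command above.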


phoenix
Ambassador
Posts: 26388
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: This forum is being actively monitored by CVE-2019-9670 exploiters

Postby phoenix » Tue May 28, 2019 10:39 am

Perhaps a private group on Telegram might be more appropriate?
Regards

Bill

Rspamd: A high performance spamassassin replacement

If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168
gabrieles
Advanced member
Posts: 125
Joined: Tue Feb 14, 2017 9:40 am

Re: This forum is being actively monitored by CVE-2019-9670 exploiters

Postby gabrieles » Wed May 29, 2019 8:46 am

It's the farthest thing from the "community" and the "open" philosophy :( , but in this case it could be of help...
phoenix
Ambassador
Posts: 26388
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: This forum is being actively monitored by CVE-2019-9670 exploiters

Postby phoenix » Wed May 29, 2019 9:38 am

gabrieles wrote: It's the farthest thing from the "community" and the "open" philosophy :( , but in this case it could be of help...
I agree but I don't see any alternative if the forums are being 'monitored'. :) Perhaps you should only accept known users via their forum (long-standing accounts?) membership here?
Regards

Bill

DualBoot
Elite member
Posts: 1131
Joined: Mon Apr 18, 2016 8:18 pm
Location: France - Earth
ZCS/ZD Version: ZCS FLOSS - 8.8.15 Multi servers

Re: This forum is being actively monitored by CVE-2019-9670 exploiters

Postby DualBoot » Wed May 29, 2019 10:21 am

Sometimes diffusion/distribution lists are better for this purpose.

Regards,
