[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Zimbra zero-day exploit

To: Csillag Tamas <cstamas@digitus.itk.ppke.hu>
Subject: Re: Zimbra zero-day exploit
From: "Thom O'Connor" <thom@zimbra.com>
Date: Sun, 8 Dec 2013 14:52:22 -0800 (PST)
Cc: Xueshan Feng <sfeng@stanford.edu>, Steve Hillman <hillman@sfu.ca>, zimbra-hied-admins <zimbra-hied-admins@sfu.ca>
Dkim-filter: OpenDKIM Filter v2.8.4 edge02-zcs.vmware.com 9E405401
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zimbra.com; s=C2AA288C-EE47-11E2-9BB0-E820BDD9BDBF; t=1386543143; bh=1eGYjjTam4dCDsKJMcW7jl1rCtUETl0mynfffDXuGw4=; h=Content-Type:Content-Transfer-Encoding:MIME-Version:Message-Id: From:Subject:Date:To; b=Hj2h06YdfRF9pnqT4+zNWlDK5DwS3gKgkVqbxgGj7q9cdY2LDrnGjmoO1sLq6G3hI cFjDzdk9tBk4bFvL4T48cTb4q4eZrsvw5Ei1nX1EuDqOeF5tRVOJBCyUvepts+dQb1 yqLCMvF/OWi9WozL+VfYP6IOw2ujHlrTzRnZQnWA=
In-reply-to: <20131208223635.GM2931@rivendell>
List-help: <mailto:zimbra-hied-admins-request@sfu.ca?subject=help> (List Instructions)
List-id: <zimbra-hied-admins.sfu.ca>
List-owner: <mailto:owner-zimbra-hied-admins@sfu.ca>
List-unsubscribe: <mailto:zimbra-hied-admins-request@sfu.ca?subject=unsubscribe>
References: <606309811.459804637.1386538104537.JavaMail.root@jaguar7.sfu.ca> <889537228.9364125.1386541545194.JavaMail.zimbra@stanford.edu> <20131208223635.GM2931@rivendell>
Thread-index: 2bJP4QQJC6GF7qbufzarlufc9A7nOQ==
Thread-topic: Zimbra zero-day exploit

Hi all,

More details when I'm not on a mobile device - this issue is fixed in 7.2.2 Patch 2 and later, and fixed in 8.0.2 Patch 1 and later.

Sincerely,
-t (mobile)

> On Dec 8, 2013, at 15:43, Csillag Tamas <cstamas@digitus.itk.ppke.hu> wrote:
> 
> Hi,
> 
>> On Sun, Dec 08, 2013 at 02:25:45PM -0800, Xueshan Feng wrote:
>> 
>> Steve,
>> 
>> Shouldn't 7071 only open to some internal network/bastion host? The quick fix probably is to tighten up the port 7071 access.
>> 
>> I also tried to run the code on a system that has access to a test ZCS 8.0.5 server's port 7071.  
> 
> I can confirm 8.0.5 seems to be safe.
> 
> Regards,
> Tamas
> -- 
> CSILLAG Tamas (cstamas) - http://cstamas.hu/
> PPKE IT

References:
- Zimbra zero-day exploit
  - From: Steve Hillman <hillman@sfu.ca>
- Re: Zimbra zero-day exploit
  - From: Xueshan Feng <sfeng@stanford.edu>
- Re: Zimbra zero-day exploit
  - From: Csillag Tamas <cstamas@digitus.itk.ppke.hu>

Prev by Date: Re: Zimbra zero-day exploit
Next by Date: Re: Zimbra zero-day exploit
Previous by thread: Re: Zimbra zero-day exploit
Next by thread: Re: Zimbra zero-day exploit
Index(es):
- Date
- Thread