[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Zimbra zero-day exploit

To: Csillag Tamas <cstamas@digitus.itk.ppke.hu>
Subject: Re: Zimbra zero-day exploit
From: Xueshan Feng <sfeng@stanford.edu>
Date: Sun, 8 Dec 2013 14:47:45 -0800 (PST)
Cc: Steve Hillman <hillman@sfu.ca>, zimbra-hied-admins <zimbra-hied-admins@sfu.ca>
In-reply-to: <20131208223635.GM2931@rivendell>
List-help: <mailto:zimbra-hied-admins-request@sfu.ca?subject=help> (List Instructions)
List-id: <zimbra-hied-admins.sfu.ca>
List-owner: <mailto:owner-zimbra-hied-admins@sfu.ca>
List-unsubscribe: <mailto:zimbra-hied-admins-request@sfu.ca?subject=unsubscribe>
References: <606309811.459804637.1386538104537.JavaMail.root@jaguar7.sfu.ca> <889537228.9364125.1386541545194.JavaMail.zimbra@stanford.edu> <20131208223635.GM2931@rivendell>
Thread-index: 2DQffqvjW/NAiamJqOrhDrpakrwe1A==
Thread-topic: Zimbra zero-day exploit

----- Original Message -----
> Hi,
> 
> On Sun, Dec 08, 2013 at 02:25:45PM -0800, Xueshan Feng wrote:
> > 
> > Steve,
> > 
> > Shouldn't 7071 only open to some internal network/bastion host? The quick
> > fix probably is to tighten up the port 7071 access.
> > 
> > I also tried to run the code on a system that has access to a test ZCS
> > 8.0.5 server's port 7071.
>  
> I can confirm 8.0.5 seems to be safe.

8.0.4 is also fine, but it might be a matter of adjusting query strings to count for the version differences.  
It is safer to limit the admin port to known system through hardware and 
host based firewall rules. There is no need to open 7071 to untrusted systems. 

Xueshan

> 
> Regards,
>  Tamas
> --
> CSILLAG Tamas (cstamas) - http://cstamas.hu/
> PPKE IT
> 

-- 

Xueshan Feng <sfeng@stanford.edu>
Technical Lead, IT Services, Stanford University

References:
- Zimbra zero-day exploit
  - From: Steve Hillman <hillman@sfu.ca>
- Re: Zimbra zero-day exploit
  - From: Xueshan Feng <sfeng@stanford.edu>
- Re: Zimbra zero-day exploit
  - From: Csillag Tamas <cstamas@digitus.itk.ppke.hu>

Prev by Date: Re: Zimbra zero-day exploit
Next by Date: Re: Zimbra zero-day exploit
Previous by thread: Re: Zimbra zero-day exploit
Next by thread: Re: Zimbra zero-day exploit
Index(es):
- Date
- Thread