The underlying cause is another vulnerability (CVE-2015-1197) in cpio, for which a fix is available. The vulnerability affects a component of the Zimbra suite called Amavis, and more specifically the cpio utility it uses to extract archives. On October 7, 2022, a proof of concept for this vulnerability was added to the Metasploit framework, laying the groundwork for massive and global exploitation from even low-sophistication attackers. Kaspersky investigated the threat and was able to confirm that unknown APT groups have actively been exploiting this vulnerability in the wild, one of which is systematically infecting all vulnerable servers in Central Asia. In addition, manual mitigation steps can be undertaken by system administrators to prevent successful exploitation (see below). At the moment, Zimbra has released a patch and shared its installation steps. The details they provided allowed Zimbra to confirm that an unknown vulnerability allowed attackers to upload arbitrary files to up-to-date servers. Hope that helps, and hope your Zimbra experience is a successful one. On September 10, 2022, a user reported on Zimbra’s official forums that their team detected a security incident originating from a fully patched instance of Zimbra. I'm just saying that I agree with you that you have to know at which man page(s) to look to get the answer(s) you need, so simplifying things and using very simple Google searches has for me been a boon-even with Zimbra problems where the overly simple Google search trick for me has found things on these forums that the Forum search tool didn't find as readily. I'm not trying to be snarky or even hint at RTFM or anything like that at all I've gotten a lot of help here on the forums and I am genuinely pleased for the opportunity to give back to the Zimbra community. If you ran a Google search for "forward root's mail", you would have found several more ways to skin this cat.
If the need is both broad and fairly critical, then I find that overly simple Google searches generally get me the solution. Root: we could help Todd! This stuff is anything but intuitive. FWIW, whenever I get stumped trying to do something, I always ask myself whether the challenge at hand represents a pretty broad need and how critical that need is. # root-account, but also forwared to the email address indicated. Oot" will make sure that email is also delivered to the Then you don't have to check for important # email to "root" to the address of a HUMAN who deals with this # It is probably best to not work as user root and redirect all # > NOTE > after this file is updated for any changes # > The program "newaliases" will need to be run # This is the aliases file - it says who gets mail for whom. Here's the top part of the file from one of our utility servers: In SLES you can add an email address to the /etc/aliases file. Is there a way to do this? I'm sure this has already been written up but if someone can point me in the right direction I would appreciate it. What I would like to do is route all of these messages to my admin inbox. You enter # mail at the prompt, then select messages by number to review. When you su to root, a message is displayed telling you that you have x new messages. Any system errors or noteworthy security log messages are sent to root's mbox for review. I'm using CentOS 5.2; when you install it, sendmail is the default MTA. Hey all, I did attempt to search the forum for routing all system and security log messages from mbox to the Zimbra admin inbox, but I got way too many results.