Quick: Manually patch this Zimbra bug that's under attack

A vulnerability in Zimbra's software is being exploited right now by miscreants to compromise systems and attack selected government organizations, experts reckon. An update to squash the security bug won't be pushed out until later this month, according to the developer, which for now has "kindly" asked customers to manually …

  1. t245t
    Boffin

    Highly insightful analysis from elReg reporter

    ‘The flaw .. “could potentially impact the confidentiality and integrity of your data” .. In other words, the bug can be exploited to steal or alter information among other things.’

    I think we got it the first time :)

    - quote -

    Before the update, the line appeared as below

    <input name="st" type="hidden" value="${param.st}"/>

    After the update, the line should appear as below

    <input name="st" type="hidden" value="${fn:escapeXml(param.st)}"/>

    - unquote -

    Seems perfectly clear to me /s
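
An added example, not part of the thread or of Zimbra's code: it renders the quoted line both ways and parses the result, to show what the change does to a value containing a double quote. The function names and sample values are constructed, the escape table follows JSTL's fn:escapeXml, and Python's HTML parser stands in for a browser.

```python
from html.parser import HTMLParser

# The five replacements JSTL's fn:escapeXml applies.
_ESCAPES = {"&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&#034;", "'": "&#039;"}

def escape_xml(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def render_before(st):
    # Mirrors value="${param.st}": the parameter is copied in verbatim.
    return '<input name="st" type="hidden" value="' + st + '"/>'

def render_after(st):
    # Mirrors value="${fn:escapeXml(param.st)}".
    return '<input name="st" type="hidden" value="' + escape_xml(st) + '"/>'

class TagCollector(HTMLParser):
    """Records every start tag the parser sees in the markup."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

    def handle_startendtag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

def parse_tags(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags

def audit(st):
    """Return (tag names before the fix, tag names after, st value after)."""
    before = parse_tags(render_before(st))
    after = parse_tags(render_after(st))
    return [t for t, _ in before], [t for t, _ in after], after[0][1].get("value")

# Constructed sample values: an ordinary token, and one that closes the attribute.
SAMPLES = ["abc123", '"><b>injected</b>']

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), audit(sample))
```

With the unescaped line the second sample ends the value attribute early and the parser sees an extra element; with the escaped line there is one input element whose value round-trips to the original string.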

  2. Anonymous Coward

    Zimbra IS NOT THE TARGET........

    Why does this article not EMPHASISE that there are many ordinary -- non-technical -- people out there who have no idea about the compromise of their personal information?

    I'm reminded about the deafening silence about the Royal Free Trust and Google/Deepmind:

    - Link: https://www.theguardian.com/technology/2017/jul/03/google-deepmind-16m-patient-royal-free-deal-data-protection-act

    And then there's the repeated claim about the protection offered by "anonymised" data, except for this:

    - Link: https://www.theguardian.com/technology/2019/jul/23/anonymised-data-never-be-anonymous-enough-study-finds

    So....the technically educated might get to know -- and do something about it ..........but millions of the rest of us get exploited in ways we can never know about!

    Roll up! Roll up! Get the latest shiny!! .... And get exploited!!!

  3. razorfishsl

    You would have to be insane to be using Zimbra.....

    This software has been absolutely riddled with critical exploits since the release of the original version...

    Every few months it's "hey look another critical 9.x bug in Zimbra"
