[Users] Last security patch
David Touitou
david at network-studio.com
Tue Mar 19 12:55:33 CET 2019
Hi.
> One of the Zimbra security recommendations is to block incoming memcache
> connection from anywhere else than Zimbra servers.
This was initially to avoid using Zimbra's memcached for DDoS.
https://www.cloudflare.com/learning/ddos/memcached-ddos-attack/
> Is Zimbra vulnerable if memcache service is filtered by iptables ?
From my understanding of the blog post, the memcached injection could be done through ProxyServlet, even if it is shown through direct http injection into memcached.
Quoting: "Zimbra has quite a few SSRFs in itself, however there's only one place that suffices both conditions, and it happens to be the all-powerful ProxyServlet earlier."
So it looks like it is vulnerable even if filtered.
David