Hello
Following an update of my UTM, my Znuny server v6.3 (with IP 172.16.0.83) is blocked by my IPS service:
Deny src_ip=172.16.0.83 dst_ip=172.16.0.254 pr=icmp src_port= dst_port= src_intf=Lan server dst_intf=Firebox msg=blocked sites (reason = IPS autoblock: rule id=1135986) pckt_len=84 ttl=64 policy=(Ping-00) proxy_action= proc_id="firewall" rc="101" msg_id="3000-0173"
reason = IPS autoblock: rule id=1135986 corresponds to "IMAP Dovecot and Pigeonhole Remote Code Execution -1 (CVE-2019-11500)"
For the moment, my server is completely isolated from the rest of the network.
What in Znuny is causing this?
Thank you in advance
IPS Security alert with my Znuny server
Moderator: crythias
- Znuny superhero
- Posts: 629
- Joined: 24 Feb 2012, 03:58
- Znuny Version: LTS and Features
- Real Name: Mo Azfar
- Location: Kuala Lumpur, MY
Re: IPS Security alert with my Znuny server
https://cve.mitre.org/cgi-bin/cvename.c ... 2019-11500
This is perhaps an issue with Dovecot installed on the server.
My Github
OTRS CE/LTS Discord Channel
Cant Update Package Anymore ? Check This
Professional OTRS, Znuny & OTOBO services: efflux.de/en
Free and premium add-ons: English
Re: IPS Security alert with my Znuny server
It's true that I forgot to mention that I'm running Debian 11.
And the commands "service dovecot status" and "service postfix status" return "unit service.postfix could not be found" and "unit service.dovecot could not be found".
In /etc/, postfix and dovecot are not present.
- Administrator
- Posts: 3976
- Joined: 18 Dec 2007, 12:23
- Znuny Version: Znuny and Znuny LTS
- Real Name: Roy Kaldung
- Company: Znuny
Re: IPS Security alert with my Znuny server
Hi,
Nothing in Znuny is related to this. If I read your log entry correctly, it's an ICMP/ping that is causing this. There is no component in Znuny or add-ons from Znuny where an ICMP/ping is executed.
- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Re: IPS Security alert with my Znuny server
Ok thank you
so I'll look for the origin elsewhere.
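
An added example (not written by any poster in this thread, and not Znuny or firewall-vendor code): a small Python parser for the log line quoted in the first post. It keeps the protocol of the denied packet separate from the IPS rule id named in the block reason, since in that line the two differ (an ICMP packet, a rule the poster identifies as an IMAP/Dovecot signature). It assumes only the key=value layout visible in that one line; the function names and the second sample line are constructed.

```python
import re
from collections import defaultdict

# First line is the one quoted in the thread; the second is constructed for this example.
SAMPLE = [
    'Deny src_ip=172.16.0.83 dst_ip=172.16.0.254 pr=icmp src_port= dst_port= '
    'src_intf=Lan server dst_intf=Firebox msg=blocked sites (reason = IPS autoblock: '
    'rule id=1135986) pckt_len=84 ttl=64 policy=(Ping-00) proxy_action= '
    'proc_id="firewall" rc="101" msg_id="3000-0173"',
    'Allow src_ip=172.16.0.90 dst_ip=172.16.0.254 pr=icmp src_port= dst_port= '
    'src_intf=Lan server dst_intf=Firebox msg= pckt_len=84 ttl=64 policy=(Ping-00) '
    'proxy_action= proc_id="firewall" rc="000" msg_id="0000-0000"',
]

KEY = re.compile(r'(?:^|\s)([a-z_]+)=')
AUTOBLOCK = re.compile(r'blocked sites \(reason = IPS autoblock: rule id=(\d+)\)')

def parse_line(line):
    """Split one log line into fields; values may be empty or contain spaces."""
    # Mask parenthesised spans (same length, so offsets still match) so that
    # "rule id=..." inside the msg text is not mistaken for a field named "id".
    masked = re.sub(r'\([^)]*\)', lambda m: '#' * len(m.group()), line)
    hits = list(KEY.finditer(masked))
    fields = {'action': line[:hits[0].start()].strip()} if hits else {}
    for cur, nxt in zip(hits, hits[1:] + [None]):
        end = nxt.start() if nxt else len(line)
        fields[cur.group(1)] = line[cur.end():end].strip().strip('"')
    return fields

def autoblock_hits(lines):
    """Map src_ip -> {rule id: protocols of the packets denied under that block}."""
    out = defaultdict(lambda: defaultdict(set))
    for line in lines:
        f = parse_line(line)
        m = AUTOBLOCK.search(f.get('msg', ''))
        if f.get('action') == 'Deny' and m:
            out[f['src_ip']][m.group(1)].add(f['pr'])
    return {ip: {r: sorted(p) for r, p in rules.items()} for ip, rules in out.items()}

if __name__ == '__main__':
    for ip, rules in autoblock_hits(SAMPLE).items():
        print(ip, rules)
```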