Log4j critical vulnerability CVE-2021-44228 does not affect IMiS ARChive servers
Product: IMiS/ARChive
Release: All
Date: 12/15/2021
Case:
A critical vulnerability, CVE-2021-44228, was recently discovered in the Log4j library. It allows an attacker who can control
log messages or their parameters to execute code loaded from LDAP servers if message lookup substitution is enabled.
IMiS ARChive servers are not affected by this vulnerability because Log4j is not used during server operations.
Description:
The critical vulnerability CVE-2021-44228 in the Log4j library allows an attacker to execute code loaded from LDAP servers
if message lookup substitution is enabled. Since the IMiS ARChive server does not use the Log4j library during its operations,
this vulnerability does not affect it. Jar files are located in the server installation directory under "jvm/lib/ext/" and
can be checked with the provided script. IMiS ARChive server 10.1.2010 may contain a vulnerable Log4j library,
which is part of the Lucene 8.6.2 bundle and is used by "lucene-luke-8.6.2.jar", a tool for introspecting the full-text
index. Since this tool is not actively used by the IMiS ARChive server, it does not make the server vulnerable.
The following jars can also be removed without affecting full-text index operations:
log4j-api-2.13.2.jar
log4j-core-2.13.2.jar
lucene-luke-8.6.2.jar
The message lookups exploited by CVE-2021-44228 can also be disabled by adding "log4j2.formatMsgNoLookups=true" to "JVMOptions" in the server configuration file
(the default location is "/etc/iarc.conf").
JVMOptions example:
JVMOptions=-Xmx4g::-Dlog4j2.formatMsgNoLookups=true
Linux script for CVE-2021-44228 vulnerability search (it uses default server installation path "/opt/IS/imisarc"):
find /opt/IS/imisarc/jvm/lib/ext/ -type f -name "*.jar" -exec sh -c 'zipinfo -1 "$1" | grep -F JndiLookup.class && echo "$1"' sh {} \;
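An added example, not part of the original advisory and not IMiS code: a Python variant of the search above that also opens jars nested inside other jars (which the find one-liner does not look into) and checks whether the "JVMOptions" line carries the flag. The "::" option separator is inferred from the example line above, and the function names are illustrative.

```python
import io
import sys
import zipfile
from pathlib import Path

MARKER = "JndiLookup.class"                # class the advisory's script searches for
FLAG = "-Dlog4j2.formatMsgNoLookups=true"  # option from the advisory's JVMOptions example

def jar_hits(data, label, depth=3):
    """Return labels of archives (outer or nested) that contain JndiLookup.class."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if any(n == MARKER or n.endswith("/" + MARKER) for n in names):
                hits.append(label)
            if depth > 0:  # bounded recursion into bundled archives
                for n in names:
                    if n.lower().endswith((".jar", ".war", ".ear")):
                        hits += jar_hits(zf.read(n), f"{label}!/{n}", depth - 1)
    except zipfile.BadZipFile:
        pass  # not a readable archive; skip it
    return hits

def scan_dir(ext_dir):
    """Scan every *.jar under ext_dir, e.g. /opt/IS/imisarc/jvm/lib/ext/."""
    hits = []
    for jar in sorted(Path(ext_dir).rglob("*.jar")):
        if jar.is_file():
            hits += jar_hits(jar.read_bytes(), str(jar))
    return hits

def lookups_disabled(conf_text):
    """True if the first line whose key is exactly JVMOptions carries the flag.
    Assumption: options are separated by '::' as in the advisory's example."""
    for line in conf_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() == "JVMOptions":
            return FLAG in (opt.strip() for opt in value.split("::"))
    return False

if __name__ == "__main__":
    ext = sys.argv[1] if len(sys.argv) > 1 else "/opt/IS/imisarc/jvm/lib/ext"
    conf = Path(sys.argv[2] if len(sys.argv) > 2 else "/etc/iarc.conf")
    for hit in scan_dir(ext):
        print("JndiLookup.class found in", hit)
    if conf.is_file():
        print("formatMsgNoLookups set:", lookups_disabled(conf.read_text()))
```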
Related Documents:
https://www.cert.si/si-cert-2021-06/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104
https://github.com/NCSC-NL/log4shell/blob/main/software/README.md
https://kb.vmware.com/s/article/87127
https://blog.cloudflare.com/exploitation-of-cve-2021-44228-before-public-disclosure-and-evolution-of-waf-evasion-patterns/
https://archive.apache.org/dist/lucene/java/8.6.2/
https://github.com/DmitryKey/luke
Copyright © Imaging Systems Ltd, 2024