Difference between revisions of "Vulnerability Remediation"
(→For Lingoport Clients) |
|||
Line 73: | Line 73: | ||
</pre> |
</pre> |
||
+ | |||
+ | 3. Please reboot your system after replacing your libraries. This will ensure that the patch becomes fully effective. |
Revision as of 20:40, 11 December 2021
Contents
Lingoport's Response to Major Software Vulnerabilities
Apache Log4j Security Vulnerabilities
A major security vulnerability allowing for remote code execution on affected systems.
See: https://logging.apache.org/log4j/2.x/security.html
Lingoport Response
Pending further action, Lingoport has shut down all non-critical systems.
Critical systems have been patched to remove all copies of log4j 2.x with log4j 2.15 followed by a hard reboot.
For Lingoport Clients
The below scripts may be used in conjunction to replace all log4j 2.x with log4j 2.15.
1. Retrieve log4j 2.15:
cd /tmp/ curl -O https://dlcdn.apache.org/logging/log4j/2.15.0/apache-log4j-2.15.0-bin.zip unzip apache-log4j-2.15.0-bin.zip
2. Replace other log4j instances on your system with 2.15
The following script will replace vulnerable log4j libraries with 2.15. It searches all of /var /tomcat /home /opt /lib for the vulnerable libraries, and replace any that are found.
#!/bin/bash strip_version() { target="$1" echo "$target" | sed -E 's|-[0-9.]+.jar|-|' } if [[ ! -d /tmp/apache-log4j-2.15.0-bin/ ]] ; then echo >&2 "Please retrieve apache log4j 2.15 and unzip it in /tmp before running this script" exit 1 fi while read -r log4j_jar ; do if [[ -z "$log4j_jar" ]] ; then continue fi if [[ "$log4j_jar" == *"-2.15"* ]] ; then echo "Up to date: $log4j_jar" continue fi if [[ "$log4j_jar" == *"-1."* ]] ; then echo "1.x - safe: $log4j_jar" continue fi if unzip -l "$log4j_jar" | grep -q JndiLookup.class ; then echo "$log4j_jar" while read -r replace_target ; do user_group="$(stat -c "%U:%G" "$replace_target")" without_version="$(strip_version "$replace_target")" patched_jar="$(basename "$without_version")2.15.0.jar" echo "$replace_target - $perms - $without_version - $patched_jar" set -x cp /tmp/apache-log4j-2.15.0-bin/"$patched_jar" "$(dirname "$replace_target")" chown "$user_group" "$(dirname "$replace_target")/$patched_jar" mv "$replace_target" "$replace_target.orig.vulnerable" set +x done <<< "$(find "$(dirname "$log4j_jar")" -name "log4j*")" #cp "$log4j_jar" "$log4j_jar.orig.vulnerable" #zip -q -d "$log4j_jar" org/apache/logging/log4j/core/lookup/JndiLookup.class fi done <<< "$(find / '(' -path '/var*' -o -path '/tomcat*' -o -path '/home*' -o -path '/opt*' -o -path '/lib*' ')' -name 'log4j*.jar')"
3. Please reboot your system after replacing your libraries. This will ensure that the patch becomes fully effective.