Vulnerability Remediation

From Lingoport Wiki
Revision as of 20:39, 11 December 2021 by Masnes (talk | contribs)
Jump to: navigation, search

Lingoport's Response to Major Software Vulnerabilities

Apache Log4j Security Vulnerabilities

A major security vulnerability allowing for remote code execution on affected systems.

See: https://logging.apache.org/log4j/2.x/security.html

Lingoport Response

Pending further action, Lingoport has shut down all non-critical systems.

Critical systems have been patched to remove all copies of log4j 2.x with log4j 2.15 followed by a hard reboot.

For Lingoport Clients

The below scripts may be used in conjunction to replace all log4j 2.x with log4j 2.15.

1. Retrieve log4j 2.15: 

cd /tmp/
curl -O https://dlcdn.apache.org/logging/log4j/2.15.0/apache-log4j-2.15.0-bin.zip 
unzip apache-log4j-2.15.0-bin.zip

2. Replace other log4j instances on your system with 2.15

The following script will replace vulnerable log4j libraries with 2.15. It searches all of /var /tomcat /home /opt /lib for the vulnerable libraries, and replace any that are found. 

#!/bin/bash

strip_version() {
    target="$1"
    echo "$target" | sed -E 's|-[0-9.]+.jar|-|'
}

if [[ ! -d /tmp/apache-log4j-2.15.0-bin/ ]] ; then
    echo >&2 "Please retrieve apache log4j 2.15 and unzip it in /tmp before running this script"
    exit 1
fi

while read -r log4j_jar ; do
    if [[ -z "$log4j_jar" ]] ; then
        continue
    fi
    if [[ "$log4j_jar" == *"-2.15"* ]] ; then
        echo "Up to date: $log4j_jar"
        continue
    fi
    if [[ "$log4j_jar" == *"-1."* ]] ; then
        echo "1.x - safe: $log4j_jar"
        continue
    fi
    if unzip -l "$log4j_jar" | grep -q JndiLookup.class ; then
        echo "$log4j_jar"
        while read -r replace_target ; do
            user_group="$(stat -c "%U:%G" "$replace_target")"
            without_version="$(strip_version "$replace_target")"
            patched_jar="$(basename "$without_version")2.15.0.jar"
            echo "$replace_target - $perms - $without_version - $patched_jar"
            set -x
            cp /tmp/apache-log4j-2.15.0-bin/"$patched_jar" "$(dirname "$replace_target")"
            chown "$user_group" "$(dirname "$replace_target")/$patched_jar"
            mv "$replace_target" "$replace_target.orig.vulnerable"
            set +x
        done <<< "$(find "$(dirname "$log4j_jar")" -name "log4j*")"
        #cp "$log4j_jar" "$log4j_jar.orig.vulnerable"
        #zip -q -d "$log4j_jar" org/apache/logging/log4j/core/lookup/JndiLookup.class
    fi
done <<< "$(find / '(' -path '/var*' -o -path '/tomcat*' -o -path '/home*' -o -path '/opt*' -o -path '/lib*' ')' -name 'log4j*.jar')"
Retrieved from "http://wiki.lingoport.com/index.php?title=Vulnerability_Remediation&oldid=95725"