EKMF Mitigation for log4j - CVE-2021-44228

André Wild — 15 December 2021

IBM released a mitigation patch for EKMF. It overwrites the content of every file stored under "/opt/ibm" whose name matches one of the following case-insensitive patterns:

"*log4j-core*.jar"
"*log4j-api*.jar"

The patch currently uses "log4j-core-2.15.0.jar" and "log4j-api-2.15.0.jar". Unfortunately, it does not check the return values of the overwrite command. Therefore, read the logs closely or execute the mitigation patch twice, because it checks whether the file was previously updated.

You can also use the following commands to make sure you've upgraded the files properly:

log4j - v2.15.0

find /opt/ibm -iname "*log4j-core*.jar" -exec echo 81e0433ae00602c0e4d00424d213b0ab {} \; 2>/dev/null | md5sum -c -
find /opt/ibm -iname "*log4j-api*.jar" -exec echo a9ccfa7e3382dd2b9e0647a43d8286d7 {} \; 2>/dev/null | md5sum -c -

log4j - v2.16.0

find /opt/ibm -iname "*log4j-core*.jar" -exec echo 9f41928a418200de2232dd326e522cc7 {} \; 2>/dev/null | md5sum -c -
find /opt/ibm -iname "*log4j-api*.jar" -exec echo ade293913c90e835c2deb56cbfa2229b {} \; 2>/dev/null | md5sum -c -

In addition, you can use the following commands to look for unpatched log4j libraries on your filesystem:

log4j - v2.15.0

find / -iname "*log4j-core*.jar" -exec echo 81e0433ae00602c0e4d00424d213b0ab {} \; 2>/dev/null | md5sum -c -
find / -iname "*log4j-api*.jar" -exec echo a9ccfa7e3382dd2b9e0647a43d8286d7 {} \; 2>/dev/null | md5sum -c -

log4j - v2.16.0

find / -iname "*log4j-core*.jar" -exec echo 9f41928a418200de2232dd326e522cc7 {} \; 2>/dev/null | md5sum -c -
find / -iname "*log4j-api*.jar" -exec echo ade293913c90e835c2deb56cbfa2229b {} \; 2>/dev/null | md5sum -c -
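
As an added example (not part of the original post and not IBM's patch code), the per-version checks above can be combined into one POSIX shell function that classifies every matching jar in a single pass and returns an exit status a script can test. The function name `scan_log4j`, the `KNOWN_MD5` table layout and the status words are assumptions of this example; the four checksums are the ones quoted above.

```sh
# Table of "md5=artifact=version" entries. The four checksums are the ones
# quoted in the post; the table layout is an assumption of this example.
KNOWN_MD5="81e0433ae00602c0e4d00424d213b0ab=log4j-core=2.15.0 \
a9ccfa7e3382dd2b9e0647a43d8286d7=log4j-api=2.15.0 \
9f41928a418200de2232dd326e522cc7=log4j-core=2.16.0 \
ade293913c90e835c2deb56cbfa2229b=log4j-api=2.16.0"

# scan_log4j ROOT [WANTED_VERSION]
# Prints "STATUS<TAB>ARTIFACT-VERSION<TAB>PATH" for every log4j-core/api jar below ROOT.
# Returns 0 if every jar passes, 1 if any jar fails, 2 if ROOT is not a directory.
# stderr is deliberately not discarded, so unreadable jars are not skipped silently.
scan_log4j() {
    [ -d "$1" ] || { echo "scan_log4j: not a directory: $1" >&2; return 2; }
    find "$1" -type f \( -iname '*log4j-core*.jar' -o -iname '*log4j-api*.jar' \) \
        -exec md5sum {} + |
    awk -v known="$KNOWN_MD5" -v want="$2" '
        BEGIN {
            n = split(known, rows, " ")
            for (i = 1; i <= n; i++) { split(rows[i], f, "="); ver[f[1]] = f[2] "-" f[3]; num[f[1]] = f[3] }
        }
        {
            sum = $1
            path = substr($0, length(sum) + 3)        # md5sum prints "<sum>  <path>"
            if (!(sum in ver))                        status = "UNKNOWN"
            else if (want != "" && num[sum] != want)  status = "WRONG-VERSION"
            else                                      status = "OK"
            if (status != "OK") bad = 1
            printf "%s\t%s\t%s\n", status, (sum in ver) ? ver[sum] : "-", path
        }
        END { exit bad + 0 }
    '
}
```

After sourcing the file, `scan_log4j /opt/ibm` accepts either listed version, while `scan_log4j /opt/ibm 2.16.0` also fails on jars that are still at 2.15.0.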

Please note that the currently available EKMF mitigation patch includes v2.15.0 and not v2.16.0, which completely disables the JNDI logging features.

Version 2.15.0 of log4j is still affected by CVE-2021-45046. For more details, read the description at https://nvd.nist.gov/vuln/detail/CVE-2021-45046.

Feel free to contact us if you have any questions.

Your Empalis Team