Modern and innovative protection of your company data.
Overview Data Protection
Managed-Service solutions tailored to your needs
Overview Empalis Service Plus
Maximum productivity at minimum cost. Efficient and resource-saving.
Overview System Services
Well-founded know-how transfer to you and your employees.
Overview Competence Center
Professional competence and technical expertise down to the last detail.
Overview Services
IT specialists of today and tomorrow.
Overview Company
André Wild — 15. December 2021Lesezeit: 1:17 Minuten
IBM released a mitigation patch for EKMF.
IBM released a mitigation patch for EKMF. It will overwrite the content of any file matching the following case insensitive pattern which is stored under "/opt/ibm". "*log4j-core*.jar""*log4j-api*.jar" It currently uses "log4j-core-2.15.0.jar" and "log4j-api-2.15.0.jar". Unfortunately they do not check the return values of the overwrite command. Therefore read the logs closely or execute the mitigation patch twice. Because it s checks if the file was previously updated.
"*log4j-core*.jar"
"*log4j-api*.jar"
You can also use the following commands to make sure you've upgraded the files properly:
log4j - v2.15.0
find /opt/ibm -iname "*log4j-core*.jar" -exec echo 81e0433ae00602c0e4d00424d213b0ab {} \; 2>/dev/null | md5sum -c -find /opt/ibm -iname "*log4j-api*.jar" -exec echo a9ccfa7e3382dd2b9e0647a43d8286d7 {} \; 2>/dev/null | md5sum -c - log4j - v2.16.0
find /opt/ibm -iname "*log4j-core*.jar" -exec echo 81e0433ae00602c0e4d00424d213b0ab {} \; 2>/dev/null | md5sum -c -
find /opt/ibm -iname "*log4j-api*.jar" -exec echo a9ccfa7e3382dd2b9e0647a43d8286d7 {} \; 2>/dev/null | md5sum -c -
find /opt/ibm -iname "*log4j-core*.jar" -exec echo 9f41928a418200de2232dd326e522cc7 {} \; 2>/dev/null | md5sum -c -find /opt/ibm -iname "*log4j-api*.jar" -exec echo ade293913c90e835c2deb56cbfa2229b {} \; 2>/dev/null | md5sum -c -
find /opt/ibm -iname "*log4j-core*.jar" -exec echo 9f41928a418200de2232dd326e522cc7 {} \; 2>/dev/null | md5sum -c -
find /opt/ibm -iname "*log4j-api*.jar" -exec echo ade293913c90e835c2deb56cbfa2229b {} \; 2>/dev/null | md5sum -c -
In addition you can use the following commands to look for unpatched log4j libraries on your filesystem:
find / -iname "*log4j-core*.jar" -exec echo 81e0433ae00602c0e4d00424d213b0ab {} \; 2>/dev/null | md5sum -c -find / -iname "*log4j-api*.jar" -exec echo a9ccfa7e3382dd2b9e0647a43d8286d7 {} \; 2>/dev/null | md5sum -c -
find / -iname "*log4j-core*.jar" -exec echo 81e0433ae00602c0e4d00424d213b0ab {} \; 2>/dev/null | md5sum -c -
find / -iname "*log4j-api*.jar" -exec echo a9ccfa7e3382dd2b9e0647a43d8286d7 {} \; 2>/dev/null | md5sum -c -
log4j - v2.16.0
find / -iname "*log4j-core*.jar" -exec echo 9f41928a418200de2232dd326e522cc7 {} \; 2>/dev/null | md5sum -c -find / -iname "*log4j-api*.jar" -exec echo ade293913c90e835c2deb56cbfa2229b {} \; 2>/dev/null | md5sum -c - Please notice that the currently available EKMF mitigation patch includes v2.15.0 and not v2.16.0 which completely disables the jndi logging features. Version 2.15.0 of log4j is still affected by CVE-2021-45046. For more details read the description in https://nvd.nist.gov/vuln/detail/CVE-2021-45046.
find / -iname "*log4j-core*.jar" -exec echo 9f41928a418200de2232dd326e522cc7 {} \; 2>/dev/null | md5sum -c -
find / -iname "*log4j-api*.jar" -exec echo ade293913c90e835c2deb56cbfa2229b {} \; 2>/dev/null | md5sum -c -