Posted December 11, 2021

Hello

There is a vulnerability that has been discovered in the popular Java logging library Log4j 2 which may allow attackers to run code remotely on your servers.

Apache Log4j 2 is bundled with and used in many Java applications, including Elasticsearch. So if you are using Elasticsearch you may be vulnerable.

Vulnerability info: https://nvd.nist.gov/vuln/detail/CVE-2021-44228

As there are no official patches out yet and the exploitation of the vulnerability has already started, you may want to apply a workaround until an official patch is released:

So for Elasticsearch version 6.4 and up:

Edit your jvm.options configuration file, usually located at:

    /etc/elasticsearch/jvm.options

and edit at the end this line:

    -Dlog4j2.formatMsgNoLookups=true

Then restart Elasticsearch using something like:

    systemctl restart elasticsearch

If you are using Elasticsearch version 6.3 and any earlier version, please upgrade ASAP to the latest supported version by Invision. The 6.3 and earlier versions are using an old version of Log4j, which means the above workaround will not work!

Update also your JDK:

When running on older JDKs, an attacker is able to inject and execute a remote Java class. On recent JDKs the attack is limited to potential DoS - causing data ingestion to temporarily stop - and information leakage, but no remote code execution attack vectors are known.

Keep your servers secured!!!!

Thanks

Edited December 11, 2021 by ASTRAPI
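One way to check and apply the jvm.options workaround from the post above without duplicating the line on repeated runs (an added example, not part of the original post). The function names `lookup_state` and `apply_workaround` are hypothetical, the file path is passed as an argument, and the script assumes the last active occurrence of a repeated `-D` property is the one that takes effect.

```shell
#!/bin/sh
# Added example: audit and apply the -Dlog4j2.formatMsgNoLookups=true
# workaround in an Elasticsearch jvm.options file (6.4 and up, per the post).
FLAG='-Dlog4j2.formatMsgNoLookups'

# Print the state of the flag in file $1: its value ("true", "false", ...)
# or "missing". Comment lines (#) are ignored, so a commented-out copy of
# the flag does not count. Assumption: the last active occurrence wins.
lookup_state() {
    awk -v flag="$FLAG" '
        /^[ \t]*#/ { next }
        {
            line = $0
            gsub(/^[ \t]+|[ \t\r]+$/, "", line)
            if (index(line, flag "=") == 1)
                state = tolower(substr(line, length(flag) + 2))
        }
        END { print (state == "" ? "missing" : state) }
    ' "$1"
}

# Enforce the workaround in file $1. Does nothing if it is already active.
# Keeps a backup as $1.bak, comments out any active line that sets the flag
# to another value, then appends the flag at the end of the file.
apply_workaround() {
    file=$1
    [ "$(lookup_state "$file")" = "true" ] && return 0
    cp -p "$file" "$file.bak"
    awk -v flag="$FLAG" '
        { t = $0; sub(/^[ \t]+/, "", t) }
        index(t, flag "=") == 1 { print "# disabled by workaround script: " $0; next }
        { print }
        END { print flag "=true" }
    ' "$file.bak" > "$file"
}

# Optional audit when a path is given: sh check.sh /etc/elasticsearch/jvm.options
if [ -n "${1:-}" ]; then
    lookup_state "$1"
fi
```

The new setting only takes effect after Elasticsearch is restarted, and the script does not check the Elasticsearch version, so it says nothing about 6.3 and earlier installs where the flag has no effect.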
December 12, 2021

Good explanation here: https://www.fastly.com/blog/digging-deeper-into-log4shell-0day-rce-exploit-found-in-log4j