Security Advisory - Log4J Zero-Day
First published on Dec 13, 2021.
Last edited on December 21, 2021.
What is Log4J?
Log4j is an open-source Java logging library developed by the Apache Foundation. It is widely used in many applications and is present in many services as a dependency. This includes enterprise applications, like the Enterprise File Fabric.
What is the vulnerability?
The vulnerability, assigned CVE-2021-44228, potentially enables remote code execution if unsanitized user input reaches this component. Further information on the vulnerability can be found here:
https://nvd.nist.gov/vuln/detail/CVE-2021-44228
https://www.ncsc.gov.uk/news/apache-log4j-vulnerability
Apache Solr releases are not affected by the follow-on CVE-2021-45046 and CVE-2021-45105 vulnerabilities, because the MDC patterns used by Solr are for the collection, shard, replica, core and node names, and a potential trace id, which are all sanitized and injected into log files with “%X”. Passing the system property log4j2.formatMsgNoLookups=true is sufficient to mitigate the issue.
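As an added illustration, not part of the original advisory, the following Python check classifies a log4j-core jar version against the three CVEs named above and credits the log4j2.formatMsgNoLookups mitigation only where it applies (CVE-2021-44228, Log4j 2.10.0 or later); the jar names, paths and JVM settings used are constructed sample input.

```python
import re

# Log4j 2.x release in which each CVE named in the advisory was fixed.
# Backport branches (2.12.2/2.12.3, 2.3.1) are deliberately not modelled:
# versions below these thresholds are reported as exposed, which is the
# conservative answer for a quick inventory check.
FIXED_IN = {
    "CVE-2021-44228": (2, 15, 0),
    "CVE-2021-45046": (2, 16, 0),
    "CVE-2021-45105": (2, 17, 0),
}

# The formatMsgNoLookups property only exists from Log4j 2.10.0 onwards.
NO_LOOKUPS_MIN = (2, 10, 0)

JAR_RE = re.compile(r"log4j-core-(\d+)\.(\d+)\.(\d+)\.jar$")


def parse_version(jar_path):
    """Return (major, minor, patch) from a log4j-core jar path, or None."""
    m = JAR_RE.search(jar_path)
    return tuple(int(x) for x in m.groups()) if m else None


def no_lookups_enabled(settings):
    """True if the mitigation is set via system property or environment."""
    for key in ("log4j2.formatMsgNoLookups", "LOG4J_FORMAT_MSG_NO_LOOKUPS"):
        if str(settings.get(key, "")).strip().lower() == "true":
            return True
    return False


def assess(jar_path, settings):
    """Map each CVE to 'patched', 'mitigated' or 'exposed' for one jar.

    settings: dict of JVM system properties / environment variables seen
    on the process (constructed sample input in the tests).
    """
    version = parse_version(jar_path)
    if version is None:
        raise ValueError("not a log4j-core jar: %s" % jar_path)
    mitigated = no_lookups_enabled(settings) and version >= NO_LOOKUPS_MIN
    result = {}
    for cve, fixed in FIXED_IN.items():
        if version >= fixed:
            result[cve] = "patched"
        elif cve == "CVE-2021-44228" and mitigated:
            # The property stops message lookups; it does not cover the
            # later context-lookup and recursion issues.
            result[cve] = "mitigated"
        else:
            result[cve] = "exposed"
    return result
```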
Is the Enterprise File Fabric affected?
Versions of the File Fabric before Enterprise File Fabric v2106 do not use an affected version of Log4J.
New installations of the v2106.00 (or greater) Enterprise File Fabric deployed before Dec. 14, 2021 utilize an affected version of Log4J as part of its Apache Solr service. Because the Solr service does not receive unsanitized user input, it is not affected by this vulnerability.
What steps should I take?
If you are running a pre-2106 version of the File Fabric, if you upgraded your File Fabric to v2106 or above from an older version, or if Storage Made Easy manages your File Fabric, then no action is needed.
On-Premises (Customer-Managed) File Fabrics
As a precaution and consistent with security best practices, if the first deployed version of your File Fabric was v2106 or above and it was deployed prior to Dec. 14, 2021, then please run the following command:
yum update sme-containers-solr
This command will either update your File Fabric's Solr container or report that there is nothing to do. Either result indicates that no further action is necessary.
If you encounter any issues then please contact support@storagemadeeasy.com.
File Fabrics Managed by Storage Made Easy
If Storage Made Easy manages your File Fabric then you need not take any action. Storage Made Easy has already updated your Solr container if needed.