Mitel and Log4j Vulnerably

[ralph]

If any one hears about the Log4j vulnerably, please be sure to post here.
It's seems to be taking a long time to update us.

Ralph

[lundah]

If any one hears about the Log4j vulnerably, please be sure to post here.
It's seems to be taking a long time to update us.

Ralph

Still waiting for the official word from Mitel.

I did get a notification from ASC that their call recording is impacted and they are working on a patch. I did scan my internal MiCollab and MiVB for anything matching "log4j" and it looks like MiCollab is using an older, unaffected version (1.7.2). Not seeing any hits at all on the MiVB.

[mark.vanderheijden]

Mitel has posted a security advisory with the affected applications:

https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0010

[Floppy1]

Hi

I have tried only one so far getting this ? any idea what may be causing this.

Thanks

[root@xxxxxxxxx]# curl -s https://downloads.mitel.io/security/security-log4j-MiCollab.sh | bash
This is the repair script which patches vulnerability from Mitel Security Advisory 21-0010 on MiCollab servers
Backing up...
tar: Cowardly refusing to create an empty archive
Try `tar --help' or `tar --usage' for more information.
Backup failed.
[root@xxxxxxxxx]#

[Dogbreath]

It means that 'find /var /opt /usr -name 'log4j-core*.jar'' returned no results.

Just tested this on a 9.4 system, works as expected.

Code: [Select]

[root@micollab ~]#  find /var /opt /usr -name 'log4j-core*.jar'
/var/lib/tomcat7/webapps/awv/WEB-INF/lib/log4j-core-2.13.3.jar
/var/lib/tomcat7/webapps/npm-pwg/WEB-INF/lib/log4j-core-2.13.3.jar
/var/lib/tomcat7/webapps/axis2-AWC/WEB-INF/lib/log4j-core-2.13.3.jar
/var/lib/tomcat7/webapps/MiCollabMeeting/WEB-INF/lib/log4j-core-2.8.jar
/var/lib/tomcat7/webapps/ChangeSettingsPortlet/WEB-INF/lib/log4j-core-2.14.1.jar
/var/lib/tomcat7/webapps/ChangePasscodePortlet/WEB-INF/lib/log4j-core-2.14.1.jar
/var/lib/tomcat7/webapps/npm-admin/WEB-INF/lib/log4j-core-2.13.3.jar
/var/lib/tomcat7/webapps/awcPortlet/WEB-INF/lib/log4j-core-2.14.1.jar
/var/lib/tomcat7/webapps/usp/WEB-INF/lib/log4j-core-2.14.1.jar
/var/lib/tomcat7/webapps/ChangePasswordPortlet/WEB-INF/lib/log4j-core-2.14.1.jar
/var/lib/tomcat7/webapps/LoginPortlet/WEB-INF/lib/log4j-core-2.14.1.jar
/opt/wildfly-8.2.1.Final/modules/system/layers/base/org/apache/logging/main/log4j-core-2.8.2.jar
/opt/intertel/classes/log4j-core-2.8.2.jar
/usr/awc/wss/log4j-core-2.13.3.jar
/usr/share/java/tomcat7/log4j-core-2.14.1.jar
/usr/mas/mom/server/lib/log4j-core-2.14.1.jar
/usr/mas/loginpinchange/bin/lib/log4j-core-2.14.1.jar


[lundah]

Mitel updated their Security Advisory on this late last night, MiCollab 9.x is impacted. They've got a patch published, apply using a curl command to download and run the patch shell script, but it requires a reboot of the MiCollab server. I've got about 70 systems that need to be patched, sending out notifications to my customers and basically telling them the window we're applying the patch in and to call us if they need to schedule outside of our window. You will want to jump on this ASAP, the vulnerability is actively being exploited to deploy ransomware.