Topic: Mitel and Log4j Vulnerability

ralph
« on: December 13, 2021, 01:22:58 PM »
If anyone hears about the Log4j vulnerability, please be sure to post here.
It seems to be taking a long time to update us.

Ralph


lundah
« Reply #1 on: December 13, 2021, 03:04:22 PM »
Still waiting for the official word from Mitel.

I did get a notification from ASC that their call recording is impacted and they are working on a patch. I did scan my internal MiCollab and MiVB for anything matching "log4j" and it looks like MiCollab is using an older, unaffected version (1.7.2). Not seeing any hits at all on the MiVB.

mark.vanderheijden
« Reply #2 on: December 14, 2021, 05:40:14 AM »
Mitel has posted a security advisory with the affected applications:

https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0010

Floppy1
« Reply #3 on: December 15, 2021, 07:27:13 AM »
Hi

I have tried only one so far and am getting this. Any idea what may be causing this?

Thanks

[root@xxxxxxxxx]# curl -s https://downloads.mitel.io/security/security-log4j-MiCollab.sh | bash
This is the repair script which patches vulnerability from Mitel Security Advisory 21-0010 on MiCollab servers
Backing up...
tar: Cowardly refusing to create an empty archive
Try `tar --help' or `tar --usage' for more information.
Backup failed.
[root@xxxxxxxxx]#

Dogbreath
« Reply #4 on: December 15, 2021, 07:36:37 AM »
It means that 'find /var /opt /usr -name 'log4j-core*.jar'' returned no results.

Just tested this on a 9.4 system, works as expected.

Code:
[root@micollab ~]#  find /var /opt /usr -name 'log4j-core*.jar'
/var/lib/tomcat7/webapps/awv/WEB-INF/lib/log4j-core-2.13.3.jar
/var/lib/tomcat7/webapps/npm-pwg/WEB-INF/lib/log4j-core-2.13.3.jar
/var/lib/tomcat7/webapps/axis2-AWC/WEB-INF/lib/log4j-core-2.13.3.jar
/var/lib/tomcat7/webapps/MiCollabMeeting/WEB-INF/lib/log4j-core-2.8.jar
/var/lib/tomcat7/webapps/ChangeSettingsPortlet/WEB-INF/lib/log4j-core-2.14.1.jar
/var/lib/tomcat7/webapps/ChangePasscodePortlet/WEB-INF/lib/log4j-core-2.14.1.jar
/var/lib/tomcat7/webapps/npm-admin/WEB-INF/lib/log4j-core-2.13.3.jar
/var/lib/tomcat7/webapps/awcPortlet/WEB-INF/lib/log4j-core-2.14.1.jar
/var/lib/tomcat7/webapps/usp/WEB-INF/lib/log4j-core-2.14.1.jar
/var/lib/tomcat7/webapps/ChangePasswordPortlet/WEB-INF/lib/log4j-core-2.14.1.jar
/var/lib/tomcat7/webapps/LoginPortlet/WEB-INF/lib/log4j-core-2.14.1.jar
/opt/wildfly-8.2.1.Final/modules/system/layers/base/org/apache/logging/main/log4j-core-2.8.2.jar
/opt/intertel/classes/log4j-core-2.8.2.jar
/usr/awc/wss/log4j-core-2.13.3.jar
/usr/share/java/tomcat7/log4j-core-2.14.1.jar
/usr/mas/mom/server/lib/log4j-core-2.14.1.jar
/usr/mas/loginpinchange/bin/lib/log4j-core-2.14.1.jar
« Last Edit: December 15, 2021, 09:18:17 AM by Dogbreath »
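
The empty-result case described in the reply above, as an added example that is not part of the thread and is not Mitel's repair script: a POSIX shell inventory that runs the same find, labels each jar by the version in its file name, and reports "nothing found" explicitly. The function names and the 2.0 through 2.14.x range are assumptions of this example; check the range against the Mitel advisory.

```shell
#!/bin/sh
# Added example: inventory log4j-core jars before running any repair step.

# Print the version embedded in a jar file name, e.g. 2.14.1, or "unknown".
jar_version() {
    name=$(basename "$1" .jar)
    case "$name" in
        log4j-core-*) printf '%s\n' "${name#log4j-core-}" ;;
        *)            echo "unknown" ;;
    esac
}

# Assumption of this example: log4j-core 2.0 through 2.14.x is the range
# affected by the December 2021 JNDI lookup flaw. The label is derived from
# the file name only; it says nothing about whether the jar was patched.
classify_version() {
    case "$1" in
        2.[0-9]|2.[0-9].*|2.1[0-4]|2.1[0-4].*) echo "in-affected-range" ;;
        *)                                     echo "outside-range" ;;
    esac
}

# Print "<label> <version> <path>" for each log4j-core jar under the roots.
# Returns 1 with a message on stderr when nothing matches, which is the
# condition that leaves a backup step with an empty file list for tar.
scan_log4j() {
    list=$(find "$@" -name 'log4j-core*.jar' 2>/dev/null | sort)
    if [ -z "$list" ]; then
        echo "no log4j-core jars under: $*" >&2
        return 1
    fi
    printf '%s\n' "$list" | while IFS= read -r jar; do
        ver=$(jar_version "$jar")
        printf '%s %s %s\n' "$(classify_version "$ver")" "$ver" "$jar"
    done
}

# Example invocation: sh scan.sh /var /opt /usr
if [ "$#" -gt 0 ]; then
    scan_log4j "$@"
fi
```
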

lundah
« Reply #5 on: December 15, 2021, 10:28:22 AM »
Mitel updated their Security Advisory on this late last night; MiCollab 9.x is impacted. They've got a patch published, which you apply using a curl command to download and run the patch shell script, but it requires a reboot of the MiCollab server. I've got about 70 systems that need to be patched, so I'm sending out notifications to my customers, basically telling them the window we're applying the patch in and to call us if they need to schedule outside of our window. You will want to jump on this ASAP; the vulnerability is actively being exploited to deploy ransomware.


 
