Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Active scanning for Apache Log4j 2 vulnerability

Status
Not open for further replies.

Mitel have published an alert (AL405) on their knowledge base. They are assessing the impact of this CVE on their products.

They say they will provide an update as soon as possible.
 
Cheers - Signed up for the updates now as well

Many thanks Richard
 
Hi

I have tried to update one but I am getting this any ideas ?

Thanks

[root@xxxxxxxx]# curl -s | bash
This is the repair script which patches vulnerability from Mitel Security Advisory 21-0010 on MiCollab servers
Backing up...
tar: Cowardly refusing to create an empty archive
Try `tar --help' or `tar --usage' for more information.
Backup failed.
[root@xxxxxxxx]#
 

Are you on a release 9.0 to 9.4 MiCollab server?

If this line in the script doesn't find any files, there won't be anything to add to the backup archive and you would see this error.

Code:
find /var /opt /usr -name 'log4j-core*.jar' | xargs tar cvzf /root/security-log4j-MiCollab.backup.tgz
 
Hi techymitel

My mistake I was trying on an MSL hosting MiVb ! Once on the correct MSL it worked fine.

Thanks
 
Our provider used the same script on our MiCollab.
What wondered me, a file lookup did show several log4j 2.x files below 2.15/2.16/2.17


I used
cd /
find . -name "log4j"
 
log4j does not have to be upgraded to fix the issue, specifically, a configuration change for log4j 2.10.0 and higher is all that's required, this is what the script does.


If its not broke tweak it..
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top