Log4j - Log4Shell Critical 10/10 vulnerbility 11

[Albus2]

PSN005946u is available regarding IP Office:

http://downloads.avaya.com/css/P8/documents/101079440

Products affected
IP Office Perpetual, Subscription, Powered By VM
Releases: 11.0.4.1 to 11.0.4.6. 11.1.0.0 to 11.1.2.0

Problem description
The one-X Portal for IP Office, Media Manager, Web RTC Gateway and Web Collaboration
applications are susceptible to the Log4j vulnerability CVE-2021-44228: Apache Log4j2 JNDI features
do not protect against attacker controlled LDAP and other JNDI related endpoints.

This issue does not affect IP Office Basic Edition, Preferred Edition, Branch deployments or IP Office
Powered By Containers

Resolution
A patch will be provided on or before 17th December 2021 to remediate all affected releases.

Workaround or alternative remediation
Ensure one-X Portal for IP Office, Media Manager, Web RTC Gateway and Web Collaboration
services are disabled

 

[Okkie26]

So still I think IPO500 is not affected.

Omly virtual, SE or cloud IPO's

 

[jallen2020]

Resolution
A patch will be provided on or before 17th December 2021 to remediate all affected releases."

Lol. Take your client's remote work services fully offline until we get our stuff together.

 

[CASSBusinessSystems]

Giving out a lot of stars. Hope everyone makes it through this week.

 

[JayNEC]

Correct, IP500 boxes are not affected. Voicemail Pro on Windows is not affected.

Server Edition and Application Server boxes are affected (no patches yet as of 12/17 07:30am EST)

SBCE is affected - and there's patches out now so patch them ASAP.



New England Communications

http://www.necomm.com

 

[kyle555]

Guess what you guys are doing all over again next week?

https://www.lunasec.io/docs/blog/log4j-zero-day-severity-of-cve-2021-45046-increased/

 

[daken]

Links are up
But plds not finding files.
They have hidden the links links in the last service pack.
looks like we are getting one for
11.0 fp4 sp 6 IPO11.0.4.6Patch-Log4j2 vulnerability.zip , 11.0.x
and
11.1 fp2 IPO11.1.2Patch-Log4j2 vulnerability.zip , 11.1.x

 

[Albus2]

Links are prepared, content will follow soon.

 

[IPOLackey]

Buggered if I'm upgrading everything to R11.1FP2 this weekend.

 

[Okkie26]

Seems like the downloads are available.

 

[Okkie26]

Oh great,

Seems that the r11.1 RPM's are corrupted.

2 crashed systems

Tnx Avaya.

 

[Okkie26]

Maybe I found something.

Seems that I had an 'old' version of 11.1.2 (237). Now there is a 11.1.2 (239)

Make sure you do use this version to upgrade your systems.

 

[tac84]

@Okkie26 - Yes this was the patched release to fix the issue associated with the software that was corrupting the J series IP Phones when upgrading from 4.0.7 up to 4.0.10.2. Anyone who upgraded to 11.1.2 (237) should upgrade to 11.1.2 (239). It doesn't have anything to do with the log4j issue though.

Thanks, Tim
Adelaide, Australia

 

[Okkie26]

Okay. Didn't know that one.

But still, we are not able to load and activate the rpm's .

On 11.0 it's working.
11.1 seems to be corrupted.

 

[bignose21]

I am on server edition 11.1.0.2 and reading the release notes for the 11.1.2.0 it looks like I need to perform an upgrade to be able to fix the Log4J as the release notes state "This critical patch is available on Avaya IP Office 11.1 Feature Pack 2 (R11.1.2.0) only, so any customer must first upgrade their IP Office systems to the GA version of this release." this I guess means they have no plan to bring out an 11.1.0.2 version. Guessing that upgrade is a fairly simple ISO upload and Upgrade as I am already on an 11.1 release?

 

[Albus2]

@bignose21,
Centos got upgraded again with FP2. Maybe this explains, why you must go to FP2 (build 239) first.

@Okkie26,
I can just tell about the systems I did upgrade so far. They do work as expected.

 

[Okkie26]

What the h*ll am I doing wrong???

I update the IPO to release 11.1.2.0.0 build 239 via webmanagement. Iso upload, then 'upgrade'.

So the my IP Offic eis on release 11.1.2.0.0 build 239. Weird thing is although I did not upload any rpm's there still is a yellow triangle up on the 'update' tab.

Then, I go to 'Settings', upload the rpm 'webcontrol-11.1.2000-240.el7.noarch.rpm'>

After that I go back tyo updates again, see that a update is available. Click on 'update' and then get an error that Webcontrol is not running.


Or, at another customer this part is working, but then I cannot update One-X portal, webcollaboration etc. It's just not working.

I'm getting annoyed by now.

 

[bignose21]

@Okkie26
I just updated our Lab server 11.1.0.2 to 11.1.2.0 using the ISO and web manager, that went ok. When I tried to update the Webcontrol it errored and then 7071 became inaccessible. I ssh in to the server and accessed root, did "service webcontrol status" and could see it stopped, I did "service webcontrol start" and it started, accessed the webpage on 7071 and had yellow triangle and update still available, just selected update again and it loaded.

I'll try the rest now, cant wait to do this on one of our live sites....not

 

[Albus2]

Does this help?

IP Office (Linux)
• Upgrade to 11.1 FP2 and then install the RPM for the Log4j fix.
• Upgrade to 11.0 FP4 SP6 and then install the RPM for the Log4j fix.
-> Update «WebControl» first, then all others
-> When done, reboot the server

As we work with the package which is getting updated, some error messages are normal.
Sometimes WebControl was not correctly shown after update. I.e., still old version, and 'upgrade' and 'change version' did not work. Ignore and reboot - OK.
I also had the yellow triangle, but nothing left to update. After server reboot, this was solved.

 

[Okkie26]

Okay, I'm getting a little further.

Same as with Bignose, I'm able to load the rpm's except for the webcontrol.

The point is, is that we can't get hold on of whats is happening when.

Some customers upgrade and update perfectly fine.

Some customers we are not able to install any of the patches.

And some of them upgrade and install patches except for webcontrol.

even customers who are (as far as we can see) perfectly the same, show different behahviour.

Most problems are with version 11.1

11.o seems to be working fine (but that is only upgrade and update one-x portal).