Official Red Hat log4j checker finds positive

jeffschips

Well-Known Member
Jun 5, 2016
248
30
78
new york
cPanel Access Level
Root Administrator
Hello. I hope everyone is safe and healthy.

Here is a link to a red hat checker:


scroll down and download.

When I ran it I found the following in a cache directory, does anyone know what these results means and how to mitigate? I've since changed permissions on that directory blocking any public access.

The script only spits out this information, or if nothing found, says so. In this case it reported these CVE.

CVE_2021_44228_backtrack
CVE_2021_44228_catalog
CVE_2021_44228_decompressed
CVE_2021_44228_detections
CVE_2021_44228_parents
CVE_2021_44228_queue
 

cPanelAnthony

Administrator
Staff member
Oct 18, 2021
1,046
111
118
Houston, TX
cPanel Access Level
Root Administrator
Hello!

On Friday, December 10, 2021, a vulnerability for Log4j was announced in CVE-2021-44228.

The only service provided by the cPanel software that uses the logging utility Log4j is cpanel-dovecot-solr. If you do not have this installed, then your server is secure.

The same day the vulnerability was announced, we published an update with the mitigation for CVE-2021-44228 to the cpanel-dovecot-solr RPM in version 8.8.2-4+. This patch will automatically be applied during the nightly updates if this package is installed. On new installations of Dovecot_FTS it will include the patched RPM by default.

You can check if this RPM is installed by running the following command.

On RPM based versions:

Code:
rpm -q cpanel-dovecot-solr --changelog | grep CVE-2021-44228
On Ubuntu based versions:

Code:
zgrep -E CVE-2021-44228 /usr/share/doc/cpanel-dovecot-solr/changelog.Debian.gz
Example if installed:

Code:
rpm -q cpanel-dovecot-solr
cpanel-dovecot-solr-8.8.2-4.11.1.cpanel.noarch
Please let us know if you have any questions.
 

jeffschips

Well-Known Member
Jun 5, 2016
248
30
78
new york
cPanel Access Level
Root Administrator
Elasticsearch is identified as one of the vulnerable apps. I believe Horde is part of cpanel. Any concern?

/usr/share/doc/cpanel-php73-horde-elasticsearch-1.0.4
/usr/share/doc/cpanel-php73-horde-elasticsearch-1.0.4/COPYING
/usr/share/doc/cpanel-php73-horde-elasticsearch-1.0.4/examples
/usr/share/doc/cpanel-php73-horde-elasticsearch-1.0.4/examples/add.php
/usr/share/doc/cpanel-php73-horde-elasticsearch-1.0.4/examples/count.php
/usr/share/doc/cpanel-php73-horde-elasticsearch-1.0.4/examples/get.php
/usr/share/doc/cpanel-php73-horde-elasticsearch-1.0.4/examples/map.php
/usr/share/doc/cpanel-php73-horde-elasticsearch-1.0.4/examples/search.php
/usr/share/doc/cpanel-php73-horde-elasticsearch-1.0.4/examples/status.php
 

spaceman

Well-Known Member
Mar 25, 2002
517
8
318
The only service provided by the cPanel software that uses the logging utility Log4j is cpanel-dovecot-solr. If you do not have this installed, then your server is secure.
If it's not a dumb question... surely it's possible that software NOT provided by cPanel, which DOES include the affected Log4j software, has been installed on cPanel servers?

If this is the case, then surely it's not strictly true to state that "If you do not have this (cpanel-dovecot-solr) installed, then your server is secure."

?
 

cPanelAnthony

Administrator
Staff member
Oct 18, 2021
1,046
111
118
Houston, TX
cPanel Access Level
Root Administrator
If it's not a dumb question... surely it's possible that software NOT provided by cPanel, which DOES include the affected Log4j software, has been installed on cPanel servers?

If this is the case, then surely it's not strictly true to state that "If you do not have this (cpanel-dovecot-solr) installed, then your server is secure."

?
My apologies for the reductive statement. I simply mean that the support cPanel-side aspects of the server would be secure.