Impact of Log4j vulnerability on GFI [message #150660]
Tue, 14 December 2021 00:54
Razvan Soranescu
Messages: 17 Registered: September 2021
A new 0-day vulnerability, formally known as CVE-2021-44228, was published on the NIST National Vulnerability Database on Friday, December 10. It is found in the Log4j Java library.
Log4j is a popular open source logging library made by the Apache Software Foundation. The security vulnerability found in Log4j allows hackers to execute remote commands on a target system. The severity of the vulnerability is classified as "Critical" by NIST.
How are GFI products impacted?
The GFI development team is reviewing our products for use of Log4j.
A function of Kerio Connect utilizes Log4j, and a recommended mitigation is identified below.
If we identify any additional recommended mitigations, we will provide a follow-up communication. Additional information, when available, will also be posted on https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/.
Kerio Connect vulnerability mitigation
Log4j is used in Kerio Connect as part of the chat function. We recommend that all Kerio Connect users temporarily disable the chat function in the software.
To disable chat in Kerio Connect:
Go to Configuration
Click on Domains
Double-click on the desired domain
Find the "Chat" section on the General tab
Deselect the "Enable chat in Kerio Connect Client." option
Repeat the above steps for all of your email domains
Kerio Connect security hotfix
Work has already started on a security hotfix for Kerio Connect. We intend to deliver a public release in the next few days.
We will send a follow-up notification to all Kerio Connect customers at your registered email when the release is available.
GFI Customer Support Edge Team
Re: Impact of Log4j vulnerability on GFI [message #150662 is a reply to message #150660]
Tue, 14 December 2021 10:38
Backspin
Messages: 132 Registered: June 2008 Location: Amsterdam, the Netherland...
Thank you for finally posting some information from GFI's end.
I have one question: Kerio Connect is using a vulnerable version of log4j.
However, it is also using OpenJDK version 1.8.0_222.
On this page, it says that "If the server has Java runtimes later than 8u121, then it is protected against remote code execution by defaulting 'com.sun.jndi.rmi.object.trustURLCodebase' and 'com.sun.jndi.cosnaming.object.trustURLCodebase' to 'false'."
Can you tell us if this is the case in OpenJDK 1.8.0_222 used in Kerio Connect? Because then Connect would not be vulnerable, would it?
Edit: never mind, all versions seem vulnerable now: https://twitter.com/marcioalm/status/1470361495405875200
Backspin IT - http://www.backspin.nl
[Updated on: Tue, 14 December 2021 10:44]
Re: Impact of Log4j vulnerability on GFI [message #150669 is a reply to message #150665]
Wed, 15 December 2021 00:37
blackbox
Messages: 46 Registered: May 2006
srazvan wrote on Tue, 14 December 2021 10:15:
"Thank you for the question. It can be a concern that the service is still running.
Even with it running, there are no endpoints from our investigation that leave Connect vulnerable, because that particular library is accessible when clients authenticate through chat.
We hope to have the new release with the updated library soon."
To make sure I understand, the suggestion is that Kerio Connect's log4j vulnerability is only exploitable when executed within an authenticated chat session? Unauthenticated users aren't able to exploit Kerio Connect's log4j implementation?
Re: Impact of Log4j vulnerability on GFI [message #150694 is a reply to message #150689]
Wed, 22 December 2021 02:29
MacLab
Messages: 233 Registered: May 2012
I upgraded one server and the XMPP service will not stay running. Seeing this in logs.
[21/Dec/2021 20:25:14] IM external process is not responding or is not running, closing all client sessions...
[21/Dec/2021 20:25:14] IM external process is not responding or is not running, trying to start it again...
[21/Dec/2021 20:27:24] IM external process is not responding or is not running, closing all client sessions...
[21/Dec/2021 20:27:24] IM external process is not responding or is not running, trying to start it again...
And found this in the error log
[21/Dec/2021 20:20:06] HealthMonitor.cpp: Problem has occured in the 'XMPP Server' component. 5 failures has been found. Component is paused for another 5 minutes. Enable 'XMPP Server' debug logging and inspect the log for more details.
[21/Dec/2021 20:32:46] HealthMonitor.cpp: Problem has occured in the 'XMPP Server' component. 5 failures has been found. Component is paused for another 5 minutes. Enable 'XMPP Server' debug logging and inspect the log for more details.
[Updated on: Wed, 22 December 2021 02:34]
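As an added check (not from the thread, from GFI, or from Kerio Connect itself): a small Python parser for the two Kerio Connect log patterns quoted in this post. It flags the IM process restart loop and the HealthMonitor pause so an administrator can confirm after the hotfix that the XMPP component actually stays up before re-enabling chat for users. The sample log is constructed from the lines above, and the timestamp format is assumed from them.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample: the Kerio Connect warning and error lines quoted in the post
# above, merged into one stream (the log's own spelling "occured" is kept as-is).
SAMPLE_LOG = """\
[21/Dec/2021 20:20:06] HealthMonitor.cpp: Problem has occured in the 'XMPP Server' component. 5 failures has been found. Component is paused for another 5 minutes. Enable 'XMPP Server' debug logging and inspect the log for more details.
[21/Dec/2021 20:25:14] IM external process is not responding or is not running, closing all client sessions...
[21/Dec/2021 20:25:14] IM external process is not responding or is not running, trying to start it again...
[21/Dec/2021 20:27:24] IM external process is not responding or is not running, closing all client sessions...
[21/Dec/2021 20:27:24] IM external process is not responding or is not running, trying to start it again...
[21/Dec/2021 20:32:46] HealthMonitor.cpp: Problem has occured in the 'XMPP Server' component. 5 failures has been found. Component is paused for another 5 minutes. Enable 'XMPP Server' debug logging and inspect the log for more details.
"""

# Assumed line layout: "[DD/Mon/YYYY HH:MM:SS] message", as in the excerpts.
LINE_RE = re.compile(r"^\[(\d{2}/[A-Za-z]{3}/\d{4} \d{2}:\d{2}:\d{2})\] (.*)$")
RESTART_MARK = "IM external process is not responding or is not running, trying to start it again"
PAUSE_RE = re.compile(r"Problem has occured in the '([^']+)' component\. (\d+) failures")

def parse_events(text):
    """Yield (timestamp, kind, detail): kind is "restart" (Kerio relaunching the
    IM/XMPP process) or "paused" (HealthMonitor giving up); other lines are skipped."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%d/%b/%Y %H:%M:%S")
        msg = m.group(2)
        if RESTART_MARK in msg:
            yield ts, "restart", "IM"
        elif (p := PAUSE_RE.search(msg)):
            yield ts, "paused", (p.group(1), int(p.group(2)))

def find_restart_loops(text, window=timedelta(minutes=10), threshold=2):
    """Sliding window over restart timestamps: return (first, last, count) at
    every point where at least `threshold` restarts fall inside `window`."""
    restarts = [ts for ts, kind, _ in parse_events(text) if kind == "restart"]
    loops, start = [], 0
    for end, ts in enumerate(restarts):
        while ts - restarts[start] > window:
            start += 1
        if end - start + 1 >= threshold:
            loops.append((restarts[start], ts, end - start + 1))
    return loops

def component_pauses(text):
    """Count HealthMonitor pause events per component name."""
    return dict(Counter(d[0] for _, kind, d in parse_events(text) if kind == "paused"))
```

Run it over the warning and error logs together; a non-empty result from find_restart_loops, or a growing count from component_pauses, means the chat service is still crash-looping and the mitigation from the first post (chat disabled) should stay in place.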