|
I am feeling like a fish out of the water here.
I ran the SQL script and found 32 objects. They basically fall in to the
following groups:
/java/poi-4.1.2/lib/log4j-1.2.17.jar
/www/WSERVICE/lwi/runtime/webservicesmax/eclipse/plugins/WebServicesEngine/WEB-INF/classes/log4j.properties
/QIBM/ProdData/OS/WebServices/internal/engines/org.apache.axis2-15/WEB-INF/classes/log4j.properties
/QIBM/UserData/OS/ADMININST/admin4/wlp/usr/servers/admin4/workarea/org.eclipse.osgi/48/data/libcont/WebAdminLibs_1@xxxxxxxxxxxxxxxx
If I am reading these threads correctly, the ones in the QIBM folders just
wait for IBM to come out with some sort of fix/PTF.
I assume the www/WSERVICE same thing, wait for IBM to come out with some
sort of fix/PTF.
That brings us to the java/poi group. If I recall correctly I put these
for various projects. Do I need to remove these folders and reinstall an
updated version?
Kerwin
On Wed, Dec 15, 2021 at 8:22 AM Brad Stone <bvstone@xxxxxxxxx> wrote:
Its all IBM stuff. I'd wait for PTFs/fixes from them./QIBM/WAS/IMFIXPACKS/IM/19100620210614_1906/FIXPACK/plugins/org.apache.ant_1.9.6.v201510161327/lib/ant-apache-log4j.jar
If you're not running any external servers (or only the IBM apache one) I
don't think you need to worry.
On Wed, Dec 15, 2021 at 1:17 AM Gad Miron <gadmiron@xxxxxxxxx> wrote:
Thanks David and thanks S.Frostie
Now, what do I do with the 41 objects found?
Samples:
/QIBM/ProdData/WebSphere/AppServer/V85/Express/deploytool/itp/plugins/org.apache.axis_1.4.0.v201005080400/lib/log4j.properties
/QIBM/UserData/OS/ADMININST/admin2/wlp/usr/servers/admin2/workarea/org.eclipse.osgi/234/0/.cp/WEB-INF/lib/log4j-1.2.14.jar
Forstie
Gad
date: Tue, 14 Dec 2021 11:59:02 -0600
from: David Gibbs via MIDRANGE-L <midrange-l@xxxxxxxxxxxxxxxxxx>
subject: Re: Remote code execution exploit found in Log4j .....
On 12/14/21 7:01 AM, Mayer, Michael via MIDRANGE-L wrote:
Good day everyone. This was on Linkedin last night from Scott
raise....
https://gist.github.com/forstie/9662d4c302f5224c66b7a4c409141a2c
One thing to keep in mind ... some vendors repackage jar's so their
product is included in a single jar, with all the required classes
included (either as classes or jar's with a special class loader).
This is going to make it very difficult to detect if the vulnerable
classes are used.
david
--
I'm riding in the American Diabetes Association's Tour de Cure to
affiliaterelatedmoney for diabetes research, education, advocacy, and awareness. Youlist
can make a tax-deductible donation to my ride by visiting
https://mideml.diabetessucks.net.
You can see where my donations come from by visiting my interactive
donation map ... https://mideml.diabetessucks.net/map (it's a geeky
thing).
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) digest
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
questions.
Help support midrange.com by shopping at amazon.com with our
relatedlistlink: https://amazon.midrange.com--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
listquestions.--
Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
--
KCrawford
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.