Hi, this is Jennifer from the VxRail GSC team. Dell has published a DSA for the Apache Log4j remote code execution vulnerability. This is related to CVE-2021-44228. On December 10th, 2021, a remote code vulnerability was published concerning the Apache Log4j library, and VxRail is impacted by this vulnerability. Please be advised this is an ongoing event. Always check the advisory for frequent updates as they develop. In this article, we can find some fixes and workarounds. Please review the whole article.
The workarounds described are meant to be a temporary solution. Upgrades documented in the advisory should be applied when available to remediate the vulnerability. I want to highlight that for a full mitigation of VxRail, we are required to apply the workaround on VCSA as well as on VxRail. If we scroll down, we can find those mitigations. So today we are going to work on the VCSA part. So if we click on the link that is on the workaround, it will direct us to the VMware page. Please have a look at the whole document as well.
So if we go to the part of the workarounds, we can see there is an automated script that you can access here and then there is a manual workaround. So today we are going to see how to apply the manual workaround on version 7. So just as a quick overview, we will need to address this vulnerability on the vMon service, on the Update Manager service, on the Analytics service, which we will run a script for that as well, and then finally we will just verify that the changes were applied correctly. So let's have a look. We are going to log into vSphere. And just before we start with the workaround, uh, we strongly suggest to take a proactive, uh, snapshot with the VM offline.
So first I'm going to check on which host this is stored. And we're just going to log in there. Uh, we can see that the vCenter is here. So before taking the snapshot, uh, we are just going to shut down the guest. It will take a minute. Now the VM is powered off, so we are going to Actions, Snapshot, Take a snapshot, and just the name, we're gonna say before apply. Yes. Take a snapshot. And then we're just going to Manage and we can see it has been successfully created. That's perfect.
So now we can just power on the VM and it will take a minute to come back as well. Yeah, the VM is up again, so we can access vSphere. And we can now start with the workaround. OK, so we can log into vSphere. And then look for the vCenter VM and we're going to SSH to the VM. Uh, we can use PuTTY or any other terminal you're using. Uh, we will log in as root. Yeah. So if we go back to our article, the first step of the workaround is the vMon service.
So we're going to back up the existing java-wrapper-vmon file. So we are just gonna make a copy. And if you want to ensure that the copy is there, uh, we can just, um, go to the location and see that it's there, right. So the second one is gonna be, uh, an editor to change some lines inside the file. So we are just going to open the file, let me show you what we need. So depending on the versions here, you need to take on which version your vCenter is, you will need to update from this line to these two or from this line to these two. So let's have a look here. This is our vCenter. Let me get the link.
OK, so if we access, uh, this link of VMware, we are going to see which update we are on, so we are on 7.0 Update 1. So if we go back to our article, we will need to follow this one, OK, so not this one but this one. So we are going to update this line by these two. Just in case you are not very familiar with the editor, I'm just gonna add here the next keys that we're gonna use. So, uh, we are just gonna Shift+G to go to the end and this is the line that we need to update. So I'm just gonna insert and I'm going to delete this line, as per the workaround, and we're just gonna copy this one, OK? So then we Escape and then colon, write, with an exclamation mark. OK. So the file is updated, you can also, I mean, check that it is, uh, correctly showing there.
So the next step is going to ensure the file permissions are set correctly on the file. So we are just gonna copy and paste as well. And this one. Perfect. And then lastly we are just going to restart the vCenter services, so it will take a minute, so just be patient there. OK, all the services have been stopped, so we are just going to start them now. And it will take a couple of minutes again. OK, we are back. So, uh, we have all the services up and we can check the status with this command as well if you want. So everything as expected. So that was the last step of the vMon.
Uh, we're just gonna go to the next step which is Update Manager service. OK, just to leave this re log in again, so, uh, the next step as we were saying is to update the manager service. So the first, um, you know, point is to back up the existing start.ini file. So we are just gonna copy and paste as before. If you want to check that the copy is there, you can just go to the location and ls, and we have our backup there, OK. Then we are going to use the editor again. OK, I'm just adding that again in case you need help. So, uh, we open with the editor and then we have to add the following line at the end of the file. OK. So, if we go Shift+G to go to the end and insert. I just want to put it at the end, so we're just gonna add it here. And then Escape. Write, quit. And that's it.
So if you cat the file, you will see it is here. Great, and then the last step is to restart the Update Manager service. So this time we are not going to restart all the services, only this one. So we need to wait a moment. OK, it has been restarted. Again, if you want to check the status, you can just do it like this and it is running. So that was our last step for the Update Manager service. So next step is gonna be the Analytics service. For the Analytics service, it has been highlighted because that part has been updated by VMware. Uh, recently there was initially another workaround, so now we need to download this script and that will fix the analytics automatically. So if we scroll up again, in the attachments you can see there the clip where you can download the file. OK, so we need to download.
We have it already, log into, uh, vCenter, we had already, uh, an open session, I just clear and then we need to use WinSCP to transfer the file. OK, so you're just gonna use. Yeah. And then we can log in here as root. Perfect. So if we go to the TMP side, we have here the file, so we just need to transfer it over. OK. And now we have it on the system. So once you have the file transferred, we just need to execute the script. OK. And just so you are aware, this is going to restart the services as well. So this explains to you a bit what the script does, so it will stop all the services, uh, like we did on step one. It will proceed removing this from their files and finally start all the vCenter services.
So this step will also take a couple of minutes, as you know, while all the services have been stopped and started again, so let's give it some time. As the article mentioned, we can see here the vulnerable files that the script modifies here. So we are on the last step. The services were stopped, the changes were made, and we're just starting the services. This can take up to 5 to 10 minutes depending on the server. The services have fully started now, OK, so, um, we can just go to the last step which could be to verify that all the changes have been applied correctly.
So we're going to verify that the services were started with this line, OK, so we copy this. Just gonna do it here. So we need to find this line as true, which we can perfectly see here. Then we need to verify, uh, that the Update Manager changes are shown under system properties. So first we're going to the location and just run the Java. And then we can see here system properties as true. All right, which is supposed to appear, and then the last check is to grep and it has to return 0 lines. So, that's perfect. We have currently applied the workaround for 7.0.
So, thank you for watching and have a good day.