
Article Number: 000194651


DSA-2021-309: Dell Technologies Data Protection Advisor Security Update for Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105)

Summary: Dell Technologies Data Protection Advisor (DPA) remediation is available for the Apache Log4j Remote Code Execution Vulnerability that may be exploited by malicious users to compromise

Article Content

Impact

Critical

Details

| Third-party Component | CVEs | More information |
|---|---|---|
| Apache Log4j | CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 | Apache Log4j Remote Code Execution |

Dell Technologies recommends that all customers consider both the CVSS base score and any relevant temporal and environmental scores that may affect the potential severity of a particular security vulnerability.

Affected Products and Remediation

Product: Data Protection Advisor

| Product and Component Versions | Updated Versions | Link to Update |
|---|---|---|
| 19.6.0 | DPA 19.6 Build B24 | Support for Data Protection Advisor - Drivers & Downloads - Dell India |
| 19.5.x | DPA 19.5 Build 74 | Support for Data Protection Advisor - Drivers & Downloads - Dell India |
| 19.4.x | DPA 19.4 Build B104 | Support for Data Protection Advisor - Drivers & Downloads - Dell India |
| 19.3.x, 19.2.x, 19.1.x, 18.2.x (IDPA), 18.x (or earlier) - standalone DPA is EOSL | Dell Technologies recommends customers apply the resolution detailed in the Workaround and Mitigation section of this DSA. | |

Note: Only the DPA Agent is impacted, but a complete upgrade of DPA (DPA Server, DPA Agent, and DPA Datastore) is required; see the updated versions in the table above.

Workarounds and Mitigations

The workaround steps in this document are a measure to limit exposure and do not fully mitigate the vulnerability.

The alternative is to apply one of the latest builds that contain the remediation: Support for Data Protection Advisor | Drivers & Downloads | Dell India

Note:

  • The workaround fixes persist across system reboots.
  • If, after the workaround steps in this document have been applied, DPA is upgraded to a later version that does not have the permanent fix provided by Dell, follow the same instructions to re-apply the workaround.

Three options are listed below for Windows and two for Linux. We recommend Option 1 for both Windows and Linux.


DPA Agents on Windows hosts or platforms:

Option 1: Using the Logpresso tool.
  1. Download the latest version of the logpresso tool from the following location:
     Choose the latest logscanner tool for Windows x64, zip.
     Note: It is recommended to use the latest version of the logpresso tool, but be aware that DPA testing was done with logpresso versions 2.3.2 and 2.3.3.
  2. Extract the zip (for example, logpresso-log4j2-scan-XXX-win64).
  3. Copy log4j2-scan.exe to the C:\temp directory of the affected DPA Servers (DPA Application Server / Datastore / Standalone Agent).
     Note: Run the following steps as an Administrator user.
  4. Stop the DPA Agent services. (The commands below use the default installation location. For a non-default location, substitute the appropriate DPA installation path.)
     Example:
         "C:\Program Files\EMC\DPA\services\bin\dpa" agent stop
  5. After the DPA Agent services are stopped, run the following command on all the DPA Servers, again substituting the installation path if it is not the default.
     Example:
         C:\temp\log4j2-scan.exe --fix "C:\Program Files\EMC\DPA"
  6. Start the DPA Agent services.
     Example:
         "C:\Program Files\EMC\DPA\services\bin\dpa" agent start
  7. To verify the fix, run the following command on all the DPA Servers:
         C:\temp\log4j2-scan.exe "C:\Program Files\EMC\DPA"

This command lists any vulnerable files that are present. After the fix, the files should be shown as mitigated and the number of vulnerable files must be zero.

[Screenshots: scan output before and after the fix]


Option 2: Using a PowerShell script.
This is recommended ONLY if you are unable to download the logpresso tool due to security reasons.

This remediation uses a Windows PowerShell script that relies on native Windows scripting commands.

See Knowledge Base article 194869 for the steps to follow.

Option 3: Using Windows commands only.
This is recommended ONLY if you are unable to download the logpresso tool due to security reasons.

These instructions require only Windows native commands, access to the server (for example, Remote Desktop), and Windows Explorer.

These instructions can be applied to any type of Windows DPA installation, including the DPA Application, DPA Datastore, and Standalone DPA Agent (installed alone on a server or on another type of application server).

See Knowledge Base article 194903 for the steps to follow.

DPA Agent on Linux hosts or platforms:

Option 1: Using the Logpresso tool.
  1. Download the latest version of the logpresso tool from the following location:
     Choose the latest logscanner tool for Linux x64.
     Note: It is recommended to use the latest version of the logpresso tool, but be aware that DPA testing was done with logpresso versions 2.3.2 and 2.3.3.
  2. Copy logpresso-log4j2-scan-x.x.x-linux.tar.gz to the /tmp directory of the affected DPA Servers (DPA Application Server / Datastore / Standalone Agent).
  3. Open an SSH session to the DPA Application, Agent, and Datastore server and log in as the root user.
  4. Go to the /tmp directory by running the following command:
         cd /tmp
  5. Extract the logpresso-log4j2-scan-x.x.x-linux.tar.gz file by running the following command:
         tar -xvf logpresso-log4j2-scan-x.x.x-linux.tar.gz
  6. Give log4j2-scan execute permissions by running the following command:
         chmod 755 log4j2-scan
  7. Stop the DPA Agent services by running the following command on the affected DPA Server:
         /opt/emc/dpa/agent/etc/dpa stop
  8. After the DPA Agent services are stopped, run the following command on the affected DPA Server:
         /tmp/log4j2-scan --fix /opt/emc/dpa
  9. Start the DPA Agent service by running the following command on the affected DPA Server:
         /opt/emc/dpa/agent/etc/dpa start
  10. To verify the fix, run the following command on the affected DPA Server:
         /tmp/log4j2-scan /opt/emc/dpa

This command lists any vulnerable files that are present. After the fix, the files should be shown as mitigated and the number of vulnerable files must be zero.

[Screenshots: scan output before and after the fix]

Option 2: Using the workaround from the Apache site (Linux ONLY):
Use this option ONLY if you are unable to download the logpresso tool due to security reasons. The manual steps below follow the workaround from the Apache site.

On each affected DPA Server, follow these steps:
  1. Open an SSH session to the affected DPA Server and log in as root.
  2. Stop the DPA Agent services by running the following command on the affected DPA Server:
         /opt/emc/dpa/agent/etc/dpa stop
  3. Run the following command on the affected DPA Server:
         find /opt/emc/dpa/agent/lib/ -xdev -type f -name "dpa*.jar" -exec zip -q -d {} org/apache/logging/log4j/core/lookup/JndiLookup.class \;
  4. Start the DPA Agent services by running the following command on the affected DPA Server:
         /opt/emc/dpa/agent/etc/dpa start
  5. To confirm that the JndiLookup class was removed, run the following command:
         grep -R 'JndiLookup.class' /opt/emc/dpa/agent/lib

The grep for JndiLookup.class should not return any results, which confirms that JndiLookup.class has been removed.

[Screenshot: grep output showing no results]
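
The grep in the last step matches the class name anywhere in the raw archive bytes. As an added example (not part of Dell's advisory), the following Python script reads each archive's ZIP directory instead and also descends into nested archives, which goes beyond the grep; the default path is the one from the steps above, and the function names are this example's own.

```python
import io
import os
import sys
import zipfile

# Class removed by the workaround (entry path taken from the zip -d command above).
TARGET = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear")


def scan_archive(fileobj, label, depth=0, max_depth=3):
    """Return labels of archives (outer or nested) that still contain TARGET."""
    hits = []
    try:
        with zipfile.ZipFile(fileobj) as zf:
            for name in zf.namelist():
                if name == TARGET:
                    hits.append(label)
                elif name.lower().endswith(ARCHIVE_EXT) and depth < max_depth:
                    inner = io.BytesIO(zf.read(name))
                    hits += scan_archive(inner, f"{label}!/{name}", depth + 1, max_depth)
    except zipfile.BadZipFile:
        hits.append(f"{label} (unreadable archive, check manually)")
    return hits


def scan_tree(root):
    """Walk root and scan every Java archive; an empty list means the class is gone."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in sorted(files):
            if fn.lower().endswith(ARCHIVE_EXT):
                path = os.path.join(dirpath, fn)
                with open(path, "rb") as fh:
                    hits += scan_archive(fh, path)
    return hits


if __name__ == "__main__":
    # Default is the agent library path used in the steps above.
    root = sys.argv[1] if len(sys.argv) > 1 else "/opt/emc/dpa/agent/lib"
    if not os.path.isdir(root):
        print(f"{root}: not a directory", file=sys.stderr)
        sys.exit(2)
    found = scan_tree(root)
    for hit in found:
        print("FINDING:", hit)
    print(f"{len(found)} finding(s) for JndiLookup.class")
    sys.exit(1 if found else 0)
```

The script exits with status 0 when no archive contains the class, 1 when at least one finding remains, and 2 when the path does not exist.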

 

Revision History

| Revision | Date | Description |
|---|---|---|
| 1.0 | 2021-12-20 | Initial Release |
| 2.0 | 2021-12-21 | Workaround and Mitigation Revision |
| 3.0 | 2021-12-22 | Added CVE-2021-45046 |
| 4.0 | 2022-01-06 | Updated table to improve readability |
| 5.0 | 2022-01-10 | Added additional patches |

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


The information in this Dell Technologies Security Advisory should be read and used to help avoid situations that may arise from the problems described herein. Dell Technologies publishes Security Advisories to bring important security information to the attention of users of the affected products. Dell Technologies assesses risk based on an average of risks across a diverse set of installed systems. This may not represent the actual risk to your local installation and individual environment. It is recommended that all users determine the applicability of this information to their individual environments and take appropriate actions. The information set forth herein is provided "as is" without warranty of any kind. Dell Technologies expressly disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title, and non-infringement. Dell Technologies, its affiliates, or its suppliers are not liable for any damages arising from or related to the information contained herein or actions that you take based on it, including direct, indirect, incidental, and consequential damages, loss of business profits, or special damages, even if Dell Technologies, its affiliates, or its suppliers have been advised of the possibility of such damages. Because some jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, the foregoing limitations apply to the extent permitted by law.

Article Properties

  • Affected Product: Data Protection Advisor
  • Product: Product Security Information
  • Last Published Date: 13 Jan 2022
  • Version: 12
  • Article Type: Dell Security Advisory
