Log4j Exploit
Posted by Jeff H. on 14 December 2021 12:53 PM

A vulnerability has been discovered in Apache Log4j, a ubiquitous logging package for Java. Successful exploitation of this vulnerability could allow for arbitrary code execution within the context of the systems and services that use the Java logging library, including many services and applications written in Java. Depending on the privileges associated with these systems and services, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If these systems and services have been configured to have fewer user rights, exploitation of this vulnerability could have less impact than if they were configured with administrative rights.

Ref: https://www.cisecurity.org/advisory/a-vulnerability-in-apache-log4j-could-allow-for-arbitrary-code-execution_2021-158/

rackAID does not use any Log4j-containing services as part of our management package installed on your server.

How does this impact me?

If you are not using Java-based applications, then you are not impacted. No further action is required on your part.

If you are using Java-based applications, check your application to see if it includes the Log4j library. If yes, follow your software vendor's guidance on remediation.

cPanel Solr Plugin

WHM/cPanel includes an optional Solr search plugin for IMAP email. This plugin contains the impacted Log4j library. cPanel has already released a patch for this plugin, but to be safe rackAID has deleted this plugin from all of our cPanel servers. If you were using this plugin, please let us know and we will re-install it.

ElasticSearch/Solr

These two search tools may be used with some discussion forums. We have contacted server owners where we have found this software installed. Sphinx search does not use the Log4j library, so it is not impacted.

Java/JVM

rackAID has scanned servers for any Java/JVM processes. We have contacted server operators if we suspect their applications may be vulnerable.

