IT Professionals,
Due to the varied, numerous, and evolving attack methods of the Log4Shell vulnerability, the UISO needs your help to mitigate the risks posed to IU. At present there are no effective network-based detection or protection options available to us. Over the weekend, local exploitation was observed, so it is imperative that application and system administrators review their infrastructure for the existence of log4j and immediately take steps to mitigate the vulnerability. Mitigation can take the form of applying patches, implementing a workaround, and/or relying on vendors to determine if their software is vulnerable. Please note that closed source or embedded software may need to be patched by the vendor.
Please review your systems, especially servers, using the following search parameters:
- 'log4j-core-*.jar'
- jar files containing the string 'JndiLookup.class'
- software packages that reference 'org.apache.logging.log4j:log4j-api'
- If you prefer to search via file hashes, a reference list can be found at https://github.com/mubix/CVE-2021-44228-Log4Shell-Hashes
Upon identifying a potentially vulnerable log4j instance, please take the following actions:
1) Fill out the form at https://forms.office.com/r/0VZC7PACha
2) Using the attached flowchart, determine the appropriate mitigation pathway
3) Implement mitigation (patch, workaround, etc.)
At the bottom of this message, we have included command-line examples to assist in finding this software.
Thank you for your continued partnership in keeping IU secure.
Reference links:
https://www.randori.com/blog/cve-2021-44228/
https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592
https://www.rumble.run/blog/finding-log4j/
==============
PowerShell recursive search:
Get-ChildItem 'DriveLetter:\' -rec -force -include *.jar -ea 0 | foreach {select-string "JndiLookup.class" $_} | select -exp Path
Linux find:
# find . -iname \*log4j\* | grep jar | sort
–IT Community Partnerships on behalf of the University Information Security Office