[CVE-2021-44228] Apache Log4j2 RCE impact on SCI

Summary

Impact and steps to mitigate the impact of [CVE-2021-44228] Apache Log4j2 RCE on SCI

Question

What is the affect of [CVE-2021-44228] Apache Log4j2 RCE on the SCI ?

Customer Environment

SCI on code 5.3.1, v5.4.2 and v5.5.x

Root Cause

Druid containers(imply-master, imply-data, imply-query) uses log4j 2.5 hence impacted.

Symptoms

Druid containers are using log4j 2.5 and hence impacted.

User-added image

 

Troubleshooting Steps

rsa-api-jvm, rsa, rsa-hadoop are using older version of log4j (1.x), so no need of any patch for these containers.

 

User-added image
User-added image

User-added image

Resolution

Pre check: 

Master Node:

1. sudo docker cp imply-master:/root/imply/dist/druid/lib/log4j-core-2.5.jar .
2. zipinfo log4j-core-2.5.jar | grep JndiLookup.class

 

Data Node: 

1. sudo docker cp imply-data:/root/imply/dist/druid/lib/log4j-core-2.5.jar .
2. zipinfo log4j-core-2.5.jar | grep JndiLookup.class


Note: we are expecting JndiLookup.class

Sample Result:

 User-added image





Please execute below commands to fix log4j security vulnerability on customer setup (druid).

On SCI master node:

1. sudo docker cp imply-master:/root/imply/dist/druid/lib/log4j-core-2.5.jar .
2. sudo zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
3. sudo docker cp log4j-core-2.5.jar imply-master:/root/imply/dist/druid/lib/
4. sudo docker commit imply-master $(sudo docker ps --format "{{.Image}}" --filter name=imply-master)
5. sudo docker-compose up -d imply-master imply-query imply-data


On SCI data node:

1. sudo docker cp imply-data:/root/imply/dist/druid/lib/log4j-core-2.5.jar .
2. sudo zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
3. sudo docker cp log4j-core-2.5.jar imply-data:/root/imply/dist/druid/lib/
4. sudo docker commit imply-data $(sudo docker ps --format "{{.Image}}" --filter name=imply-data)
5. sudo docker-compose up -d imply-data


Sample Result:

User-added image
 



Post Check:

Master Node:

1. sudo docker cp imply-master:/root/imply/dist/druid/lib/log4j-core-2.5.jar .
2. zipinfo log4j-core-2.5.jar | grep JndiLookup.class

 

Data Node: 

1. sudo docker cp imply-data:/root/imply/dist/druid/lib/log4j-core-2.5.jar .
2. zipinfo log4j-core-2.5.jar | grep JndiLookup.class


Note: we are expecting no JndiLookup.class


Sample Result:

 User-added image

 

NOTE: If you have upgrade druid value before (300GB - default value), please contact TSE to assist you to upgrade back again to desired value but if you are using the 300GB. It will be still 300GB.

Article Number:
000012015

Updated:
December 20, 2021 06:37 AM (27 days ago)

Tags:
Performance, Known Issues and Workarounds, SmartCell Insight

Votes:
0

This article is:
helpful
not helpful

Working...Please wait

This is here to prevent you from accidentally submitting twice.

The page will automatically refresh.