CVE-2021-44228 Log4j 2.15.0 replacement for BigFix Compliance

Description

Replaces the log4j-core-X.jar used by BigFix Compliance with version 2.15.0. To maintain compatibility with the existing Compliance code, the new log4j-core file keeps the file name of the original log4j-core version, so the file name may still show an earlier version even though the contents have been replaced with version 2.15.0.

 


Property Details

ID: 26890
Status: Alpha - Code that was just developed
Title: CVE-2021-44228 Log4j 2.15.0 replacement for BigFix Compliance
Domain: BESC
Source: Internal
Source Release Date: 12/10/2021 12:00:00 AM
Keywords: CVE, CVE-2021-44228, Log4j, vulnerability, Compliance
Added by on 12/11/2021 9:31:13 AM
Last Modified by on 12/11/2021 9:31:13 AM
Counters 902 Views / 28 Downloads

Relevance

Used in 266 fixlets and 2 analyses   * Results in a true/false
x64 of operating system
Used in 16 fixlets and 16 analyses   * Results in a true/false
windows of operating system AND (if exists property "in proxy agent context" then not in proxy agent context else true)
Used in 2 fixlets   * Results in a true/false
exists keys ("IBM BigFix Compliance";"BigFix Compliance") of keys "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of x64 registry
Used in 1 fixlet   * Results in a true/false
exists (find files "log4j-core-2.*.jar" of folders ((((value "InstallLocation" of keys "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bigfix Compliance" of x64 registry) | (value "InstallLocation" of keys "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IBM Bigfix Compliance" of x64 registry))) as string & "\wlp\usr\servers\server1\lib")) whose (following text of last "log4j-core-" of name of it as string as version < version "2.15.0" and size of it != 1789769 and sha256 of it != "e7048ad52e3b6f1267b7ceb2c07200a5ce61271bcf59f98fd238bf60e4137932")
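
The relevance above recognises an already-replaced file by its size and SHA-256 because, as the description notes, the file name no longer reflects the version. The following Python script is an added example, not part of the fixlet or of BigFix: it audits a lib folder by content, using the size and hash from the relevance. The function names are hypothetical, and reading `Implementation-Version` from the jar manifest is an assumption about the jar's metadata.

```python
import hashlib
import re
import zipfile
from pathlib import Path

# Size and SHA-256 of log4j-core-2.15.0.jar, copied from the fixlet's relevance.
EXPECTED_SIZE = 1789769
EXPECTED_SHA256 = "e7048ad52e3b6f1267b7ceb2c07200a5ce61271bcf59f98fd238bf60e4137932"


def manifest_version(jar_path):
    """Return Implementation-Version from META-INF/MANIFEST.MF, or None (assumed field)."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except (zipfile.BadZipFile, KeyError, OSError):
        return None
    match = re.search(r"^Implementation-Version:\s*(\S+)", manifest, re.MULTILINE)
    return match.group(1) if match else None


def audit_jar(jar_path, expected_sha256=EXPECTED_SHA256, expected_size=EXPECTED_SIZE):
    """Classify one log4j-core jar by its content instead of by its file name."""
    path = Path(jar_path)
    data = path.read_bytes()
    digest = hashlib.sha256(data).hexdigest()
    name_match = re.match(r"log4j-core-(\d+(?:\.\d+)*)", path.name)
    replaced = digest == expected_sha256 and len(data) == expected_size
    return {
        "file": path.name,
        "name_version": name_match.group(1) if name_match else None,
        "manifest_version": manifest_version(path),
        "sha256": digest,
        "status": "replaced-with-2.15.0" if replaced else "not-replaced",
    }


def audit_folder(lib_dir, **expected):
    """Audit every active log4j-core-*.jar; '-disabled' backups do not match the glob."""
    return [audit_jar(p, **expected) for p in sorted(Path(lib_dir).glob("log4j-core-*.jar"))]


def disabled_backups(lib_dir):
    """List the '<name>-disabled' copies of the original jars left by the action."""
    return sorted(p.name for p in Path(lib_dir).glob("log4j-core-*.jar-disabled"))
```

The `-disabled` copies keep the original jar contents on disk, so file-based scanners may continue to report them after the action has run.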

Actions

Action 1 (default)

Script Type: BigFix Action Script
begin prefetch block
add prefetch item name=unzip.exe sha1=e1652b058195db3f5f754b7ab430652ae04a50b8 size=167936 url=http://software.bigfix.com/download/redist/unzip-5.52.exe sha256=8d9b5190aace52a1db1ac73a65ee9999c329157c8e88f61a772433323d6b7a4a
add prefetch item name=apache-log4j-2.15.0-bin.zip size=15291224 sha1=ad4fc1c39512e5a131bcfe1ce951dc87f98e4352 url=https://dlcdn.apache.org/logging/log4j/2.15.0/apache-log4j-2.15.0-bin.zip sha256=275a00bf098e3347f88e08c6a32ee13dea5cab1f1e4a28a39896ffe06b516694
end prefetch block

action uses wow64 redirection {not x64 of operating system}
if {exists running service "tema"}
parameter "tema-restart"="net start tema"
else
parameter "tema-restart"="REM TEMA was not running, do not restart it"
endif

waithidden __Download\unzip.exe __Download\apache-log4j-2.15.0-bin.zip -d __Download
delete __createfile
createfile until EOF_EOF_EOF
net stop TEMA
{concatenation "%0d%0a" of ("copy /y %22" & it & "%22 %22" & it & "-disabled%22") of (pathname of file (it) whose ( not exists file (pathname of it & "-disabled"))) of pathnames of find files "log4j-core-*.jar" of folders ((((value "InstallLocation" of keys "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bigfix Compliance" of x64 registry) | (value "InstallLocation" of keys "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IBM Bigfix Compliance" of x64 registry))) as string & "\wlp\usr\servers\server1\lib")}
{concatenation "%0d%0a" of ("copy /y %22__Download\apache-log4j-2.15.0-bin\log4j-core-2.15.0.jar%22 %22" & it & "%22") of (pathname of file (it)) of pathnames of find files "log4j-core-*.jar" of folders ((((value "InstallLocation" of keys "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bigfix Compliance" of x64 registry) | (value "InstallLocation" of keys "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IBM Bigfix Compliance" of x64 registry))) as string & "\wlp\usr\servers\server1\lib")}
{parameter "tema-restart"}

EOF_EOF_EOF

delete replace_compliance_jar.cmd
move __createfile replace_compliance_jar.cmd
waithidden cmd.exe /c replace_compliance_jar.cmd

Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.

