VRTSaccess-app-EEB-ET4065022-7.4.2.400-1.x86_64 (article 100052105)
Abstract
Description
EEB 4065022 upgrades log4j to version 2.17.1. The EEB can be installed on an Access Appliance running version 7.4.2.400.
Impact Summary
There are Access Appliance Component(s) that use the vulnerable Apache Log4j version. However, the component(s) do not have any interface(s) that are exposed outside of the Access Appliance through any public IPs. Hence there is no exposure from any external user.
Mitigation for Access Appliance 7.4.2.400 with Hot Fix: EEB 4065022
Veritas has provided EEB 4065022 that upgrades log4j to a newer version.
The EEB is not cluster aware and must be applied to each node individually. Repeat the procedure on each node of the appliance.
1. Download the Hot Fix from here.
2. Copy the Hot Fix to a single node of the 3340 Appliance cluster.
2a. Open a CIFS or NFS share via the Access Appliance CLISH to move the Hot Fix to the cluster node:
accessnode-01.Main_Menu> Manage
accessnode-01.Manage> Software
accessnode-01.Software> Share Open
3. Copy the Hot Fix to the CIFS or NFS directory.
4. Close the share.
accessnode-01.Software> Share Close
5. List the downloaded file:
accessnode-01.Software> List Downloaded
Patch_Name                                           Size  Release_Date     Access_Version  Appliance_Version
VRTSaccess-app-EEB-ET4065022-7.4.2.400-1.x86_64.rpm  149M  Tue Feb 15 2022  7.4.2.400
6. Install the Hot Fix:
accessnode-01.Software> Install VRTSaccess-app-EEB-ET4065022-7.4.2.400-1.x86_64.rpm
- [Info] Successfully installed the EEB VRTSaccess-app-EEB-ET4065022-7.4.2.400-1.x86_64.rpm.
7. (Optional) Use the command from the manual mitigation steps, shown below, to validate that JndiLookup.class is now taken from log4j version 2.17.1.
# for log4jcore in `find /opt -name \*log4j\*core\*.jar 2> /dev/null`;do echo "In the file:
> $log4jcore"; unzip -l "$log4jcore" | grep JndiLookup.class; done
In the file:
/opt/autosupport/transmission/lib/log4j-core-2.17.1.jar
3158 12-27-2021 17:30 org/apache/logging/log4j/core/lookup/JndiLookup.class
In the file:
/opt/autosupport/alertmanager/lib/log4j-core-2.17.1.jar
3158 12-27-2021 17:30 org/apache/logging/log4j/core/lookup/JndiLookup.class
In the file:
/opt/autosupport/analyzer/lib/log4j-core-2.17.1.jar
3158 12-27-2021 17:30 org/apache/logging/log4j/core/lookup/JndiLookup.class
In the file:
/opt/autosupport/fileuploader/lib/log4j-core-2.17.1.jar
3158 12-27-2021 17:30 org/apache/logging/log4j/core/lookup/JndiLookup.class
In the file:
/opt/apache-tomcat/vxos/webapps/ascws/WEB-INF/lib/log4j-core-2.17.1.jar
3158 12-27-2021 17:30 org/apache/logging/log4j/core/lookup/JndiLookup.class
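Because the EEB has to be installed on each node separately, the check in step 7 is worth repeating on every node. The script below is an added example, not part of the Veritas article or the EEB: it reuses the article's find pattern, compares the version in each jar's file name against 2.17.1, and reports whether JndiLookup.class is present. The function names and the OK/OUTDATED/UNKNOWN labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Veritas code): per-node audit of log4j-core jar versions.
MIN_VERSION="2.17.1"   # version the EEB installs, per the article

# Version from a name such as log4j-core-2.17.1.jar; empty if the name differs.
jar_version() {
    basename "$1" | sed -n 's/^log4j-core-\([0-9][0-9.]*\)\.jar$/\1/p'
}

# Exit 0 when dotted version $1 is strictly lower than $2 (numeric compare).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Classify one jar as OK, OUTDATED or UNKNOWN and note whether it carries
# JndiLookup.class (needs unzip, as in the article's own check).
check_jar() {
    ver=$(jar_version "$1")
    if unzip -l "$1" 2>/dev/null | grep -q 'lookup/JndiLookup.class'; then
        jndi="JndiLookup=present"
    else
        jndi="JndiLookup=not-found"
    fi
    if [ -z "$ver" ]; then
        echo "UNKNOWN  $1 $jndi"
    elif version_lt "$ver" "$MIN_VERSION"; then
        echo "OUTDATED $1 version=$ver $jndi"
    else
        echo "OK       $1 version=$ver $jndi"
    fi
}

# Audit every log4j core jar under directory $1; returns non-zero if any jar
# is OUTDATED or UNKNOWN. Paths containing newlines are not supported.
audit_log4j() {
    report=$(find "$1" -name '*log4j*core*.jar' 2>/dev/null |
        while IFS= read -r jar; do check_jar "$jar"; done)
    if [ -n "$report" ]; then printf '%s\n' "$report"; fi
    ! printf '%s\n' "$report" | grep -Eq '^(OUTDATED|UNKNOWN)'
}

if [ "$#" -gt 0 ]; then audit_log4j "$1"; fi   # e.g. sh script.sh /opt
```

A jar whose file name does not carry a plain version is reported as UNKNOWN rather than assumed fixed, so it still needs a manual look.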