POC详情: bf807dc4042688e9d904fe0f4a3d8a626a9f5231

来源
https://github.com/blake-fm/vcenter-log4j
关联漏洞
标题: Apache Log4j 代码问题漏洞 (CVE-2021-44228)
描述:Apache Log4j是美国阿帕奇(Apache)基金会的一款基于Java的开源日志记录工具。 Apache Log4J 存在代码问题漏洞,攻击者可设计一个数据请求发送给使用 Apache Log4j工具的服务器,当该请求被打印成日志时就会触发远程代码执行。
描述
Script to apply official workaround for VMware vCenter log4j vulnerability CVE-2021-44228
介绍
# VMware vCenter log4j workaround
Script to workaround VMware vCenter log4j vulnerability CVE-2021-44228, as per the [VMware KB article](https://kb.vmware.com/s/article/87081).

2021-12-13 02:09 UTC - Added Secure Token & Identity Management services

2021-12-13 12:46 UTC - Added PSC Client for 6.5 - see below

VMware have released a python script linked on the KB article.  The initial teething problems with their version seem to have been resolved.

## Quick and dirty
- SSH to vCenter
- Run `shell`
- Paste entire [contents of script](https://raw.githubusercontent.com/blake-fm/vcenter-log4j/main/log4j-vcenter-6.5-7.0-workaround.sh)
- Type `cve`, hit tab, enter

And you're done.

## What it does
- Automatically detects the version and required steps
- Backs up existing files to .bak files
- Applies the workarounds recommended by VMware
- Skips any steps that are already applied
- Reports status as it goes
- Provides a summary at the end - verification is more accurate / granular than the KB steps

### If you don't like quick and dirty..
Apply workarounds and verify
```
cve-workaround
```
Run verification only
```
cve-workaround -v
```
Rollback - very basic, copies the .bak files over the patched files, restarts the services, and prints status messages.
```
cve-workaround -rollback
```
PSC Client Service for 6.5 - thank you to Power-Wagon on reddit for verifying
```
cve-workaround -sprayandpray65
```

### Notes
Detects version and applies the relevant workarounds.  Skips and reports per workaround step, if it thinks that workaround has been applied (safe to re-execute).

#### Services not starting / permissions fix
During my own testing - apply, rollback, re-re-re-apply - I ran across some issues with permissions on 6.7, which prevented some vCenter services from starting (and I still can't find any evidence of an actual error message being logged).  Should you experience similar behaviour, this is the hammer I have been using to beat things into submission.
```
chmod 754 /usr/lib/vmware-vmon/java-wrapper-vmon
chown root:cis /usr/lib/vmware-vmon/java-wrapper-vmon
chmod 644 /usr/lib/vmware-updatemgr/bin/jetty/start.ini
chown updatemgr:updatemgr /usr/lib/vmware-updatemgr/bin/jetty/start.ini
chmod 440 /usr/lib/vmware/common-jars/log4j-core-2.8.2.jar
chown root:cis /usr/lib/vmware/common-jars/log4j-core-2.8.2.jar
chmod 755 /usr/lib/vmware-cm/lib/log4j-core.jar
chown cm:cis /usr/lib/vmware-cm/lib/log4j-core.jar
```

Happy to hear any bugs / issues.
文件快照

 [4.0K]  /data/pocs/bf807dc4042688e9d904fe0f4a3d8a626a9f5231
├── [1.0K]  LICENSE
├── [ 12K]  log4j-vcenter-6.5-7.0-workaround.sh
└── [2.4K]  README.md

0 directories, 3 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。