log4j vulnerability?

elvisimprsntr · Dec 11, 2021

Any comment from iXsystems? Or are we intentionally maintaining OPSEC?

Critical RCE Vulnerability Updates (log4j - CVE-2021-44228) | Huntress

Read about how our team investigated CVE-2021-44228, a critical vulnerability that was affecting a Java logging package.

www.huntress.com

Samuel Tai · Dec 11, 2021

Running find / -name log4j* -print on my 12.0-U7 system results in no hits. I don't think it's part of a vanilla install. However, that notice says ElasticSearch relies on log4j, so anyone who has installed ES in a jail will need to take precautions. Just off the top of my head, Graylog relies on ES, as does the SpotLight search for SMB shares.

Sgutha · Dec 13, 2021

Our TrueNAS is on 12.0-U5.1. How do we check the vulnerability?

Patrick M. Hausen · Dec 13, 2021

TrueNAS does not use any Java components. What would you want to check if the vulnarable software clearly isn't there?

Sgutha · Dec 13, 2021

Patrick M. Hausen said:
TrueNAS does not use any Java components. What would you want to check if the vulnarable software clearly isn't there?

Thank you Patrick!! I am new to TrueNAS and was just making sure this vulnerability has no effect on our systems

JoeAtWork · Dec 22, 2021

Patrick M. Hausen said:
TrueNAS does not use any Java components. What would you want to check if the vulnarable software clearly isn't there?

TrueNAS Scale?

Desc	Model	OS	Size/Speed	Boot/Pool	Other
NAS-1	QNAP TS-453A	TrueNAS CORE	2x8GB	16GB SLC eUSB DOM	APACHE, LACP, RSYNC, SMB, TFTP, TM
- Hourly	Seagate ST2000VN00[04]		4x2TB	RZ2	SATA
- Daily	Google Drive		15GB		Offsite
NAS-2	QNAP TS-253A	TrueNAS CORE	2x8GB	16GB SLC eUSB DOM	LACP, RSYNC, SMB, TM, VM
- Daily	Seagate ST4000VN008		2x4TB	RZ1	SATA
- Weekly	Crucial X8		500GB	RZ0	USB
NAS-3	QNAP TS-453A	TrueNAS SCALE	2x8GB	16GB SLC eUSB DOM	LACP, RSYNC, SMB, TM
- Weekly	Seagate ST2000[DM,VN]00[46]		4x2TB	RZ2	SATA
- Monthly	Crucial X8		500GB	RZ0	USB
NAS-4	QNAP TS-253A	TrueNAS SCALE	2x8GB	16GB SLC eUSB DOM	LACP, RSYNC, SMB, TM, VM
- Testing	WD40EFRX		2x4TB	RZ1	SATA
VM-1	QNAP TS-253A		2x8GB	16GB SLC eUSB DOM	KVM, LXC
- PVE	Segate ST4000VN000	Proxmox VE	2x4TB	RZ1	SATA
FW	Protectli FW4C	pfSense CE	8GB	256GB TLC mSATA	DHCP/DNS, IDS/IPS, GPS/PPS, NTP, VPN
- WAN-1	Arris NVG599		375Mbps		ATT Fiber
~~- WAN-2~~	~~Netgear LB1120~~		~~150Mbps~~		~~SpeedTalk LTE~~
- GPS	Garmin 18X LVC				RS232, PPS
- LCD	Crystalfontz XES635	LCDproc			USB, NTP, UPS
- UPS	APC BX1500M		1500VA		USB, Master
SW	Linksys LGS326		52Gbps		LACP, VLAN
- AP-[123]	EnGenius EWS377APv3		3.6Gbps		WPA2/3
- SK-1	EnGenius SkyKeyIv1.1		1GB	4GB MLC eMMC	400GB mSD
NVR
- DB-1	Lorex B862AJD		8MP	32GB mSDXC	RTSP
- DB-[23]	Lorex B451AJD		4MP	32GB mSDXC	RTSP
- CAM-[12]	Lorex W461ASC		4MP	32GB mSDXC	RTSP

Important Announcement for the TrueNAS Community.

log4j vulnerability?

elvisimprsntr

Guru

Critical RCE Vulnerability Updates (log4j - CVE-2021-44228) | Huntress

Samuel Tai

Never underestimate your own stupidity

Sgutha

Cadet

Patrick M. Hausen

Hall of Famer

Sgutha

Cadet

JoeAtWork

Contributor

Similar threads

Important Announcement for the TrueNAS Community.

log4j vulnerability?

elvisimprsntr

Guru

Critical RCE Vulnerability Updates (log4j - CVE-2021-44228) | Huntress

Samuel Tai

Never underestimate your own stupidity

Sgutha

Cadet

Patrick M. Hausen

Hall of Famer

Sgutha

Cadet

JoeAtWork

Contributor

Important Announcement for the TrueNAS Community.

Related topics on forums.truenas.com for thread: "log4j vulnerability?"

Similar threads