I just wonder if Mailcow is vulnerable to CVE-2021-44228 as Solr is also using Log4j?
CVE-2021-44228 vulnerability (Solr)?
I just performed a > sudo find / -name "log4j*" < on my mailcow host and found some entries, so I guess yes! The log4j vulnerability also has an impact on mailcow systems :-/
Solr 7.7 in Mailcow at least contains a vulnerable Log4j version (2.11).
I’m not sure if the vulnerability can be exploited since Mailcow’s Solr is not reachable from the outside. It would probably also require some specially crafted emails to control the log messages, if this even works at all on Mailcow.
Until there is a fix or a confirmation that Mailcow is not affected, I removed the JndiLookup class as described here:
Did the same; connect to docker: , apt-get update; apt-get install zip; cd /opt/solr/contrib/prometheus-exporter/lib/; zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class ; cd /opt/solr/server/lib/ext; zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
Solr has made new Docker images available and they are now used by Mailcow, just did the update. mailcow/solr should be at version 1.8 now.
I updated the Mailcow server promptly, so that solr 1.8 is active.
However, I still find log4j files with version number 2.11 in the file system.
For example:
/var/lib/docker/overlay2/…/diff/opt/solr/contrib/prometheus-exporter/lib/log4j-slf4j-impl-2.11.0.jar
/var/lib/docker/overlay2/…/diff/opt/solr/contrib/prometheus-exporter/lib/log4j-core-2.11.0.jar
/var/lib/docker/overlay2/…/diff/opt/solr/contrib/prometheus-exporter/lib/log4j-api-2.11.0.jar
How can that be?
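
An added example, not part of any post in this thread: a Python check for whether the JndiLookup class removed with zip -d above is still present in the jars under a directory. Deleting the class leaves the jar file name unchanged, so a 2.11.0 file name alone does not show whether the class is present. The function names and the default root /opt/solr are assumptions of this example.

```python
import re
import sys
import zipfile
from pathlib import Path

# Class removed by the zip -d mitigation quoted in the thread.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
CORE_JAR = re.compile(r"^log4j-core-(\d+(?:\.\d+)*)")


def inspect_jar(path):
    """Return (version_from_filename, has_jndi) for one jar.

    version is None when the file is not named log4j-core-<version>...;
    has_jndi is True/False, or None when the archive cannot be read.
    """
    match = CORE_JAR.match(Path(path).name)
    version = match.group(1) if match else None
    try:
        with zipfile.ZipFile(path) as jar:
            has_jndi = JNDI_CLASS in jar.namelist()
    except (zipfile.BadZipFile, OSError):
        has_jndi = None
    return version, has_jndi


def scan(root):
    """List (path, version, has_jndi) for every jar worth a look under root.

    A jar is reported when it is named like log4j-core or when it carries
    the JndiLookup class under any other name (a repackaged copy).
    """
    results = []
    for path in sorted(Path(root).rglob("*.jar")):
        if not path.is_file():
            continue
        version, has_jndi = inspect_jar(path)
        if version is not None or has_jndi:
            results.append((str(path), version, has_jndi))
    return results


if __name__ == "__main__":
    # Assumed default root; pass another directory as the first argument.
    root = sys.argv[1] if len(sys.argv) > 1 else "/opt/solr"
    labels = {True: "JndiLookup PRESENT", False: "JndiLookup removed",
              None: "unreadable archive"}
    for path, version, has_jndi in scan(root):
        print(f"{path}\tversion={version}\t{labels[has_jndi]}")
```
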