Log4j Vulnerability – cPanel & log4j vulnerability (CVE-2021-44228)

Last week, a vulnerability was found in Log4j, (Apache Log4J library ).  If left unfixed, attackers can break into systems, steal passwords and logins, extract data, and infect networks with malicious software.
Log4j is used worldwide across software applications and online services, and the vulnerability requires very little expertise to exploit. This makes Log4shell potentially the most severe computer vulnerability in years.

Your server vulnerable if you are running other Java applications/ services (server side java). Please contact your software vendor for updates and patches.
If you have a dedicated or virtual server with cPanel installed and have enabled the Solr plugin for cPanel(cpanel-dovecot-solr) then your server maybe vulnerable.

If you do not have this installed, then your cPanel server is secure. Any new installations of Dovecot_FTS will include the patched RPM by default. You can check if this RPM is installed with the following command.

Example if installed:

# rpm -q cpanel-dovecot-solr 

We strongly advise if you have cPanel installed confirm they are running the latest version patched :
To update your cPanel installation : log on to WHM and go to: Home > cPanel > Upgrade to Latest Version

cPanel published an update with the mitigation for CVE-2021-44228 to the cpanel-dovecot-solr RPM in version 8.8.2-4+. This patch will automatically be applied during the nightly updates if this package is installed. You can confirm if your server is patched by using:

Example output of patched RPM:

# rpm -qv --changelog cpanel-dovecot-solr | grep -B1 CPANEL-39455
* Fri Dec 15 2021 Tim Mullin <tim@cpanel.net> -  8.8.2-4.cp1180
- CPANEL-39455: Add mitigation for CVE-2021-44228

You can execute below command to install patch on cPanel server:

yum update cpanel-dovecot-solr



The Apache Log4j exploit and how to protect your cPanel server



Leave a comment

Your email address will not be published. Required fields are marked *