Last week, a vulnerability was found in Log4j, (Apache Log4J library ). If left unfixed, attackers can break into systems, steal passwords and logins, extract data, and infect networks with malicious software.
Log4j is used worldwide across software applications and online services, and the vulnerability requires very little expertise to exploit. This makes Log4shell potentially the most severe computer vulnerability in years.
Your server vulnerable if you are running other Java applications/ services (server side java). Please contact your software vendor for updates and patches.
If you have a dedicated or virtual server with cPanel installed and have enabled the Solr plugin for cPanel(cpanel-dovecot-solr) then your server maybe vulnerable.
If you do not have this installed, then your cPanel server is secure. Any new installations of Dovecot_FTS will include the patched RPM by default. You can check if this RPM is installed with the following command.
Example if installed:
# rpm -q cpanel-dovecot-solr cpanel-dovecot-solr-8.8.2-4.11.1.cpanel.noarch
We strongly advise if you have cPanel installed confirm they are running the latest version patched :
To update your cPanel installation : log on to WHM and go to: Home > cPanel > Upgrade to Latest Version
cPanel published an update with the mitigation for CVE-2021-44228 to the cpanel-dovecot-solr RPM in version 8.8.2-4+. This patch will automatically be applied during the nightly updates if this package is installed. You can confirm if your server is patched by using:
Example output of patched RPM:
# rpm -qv --changelog cpanel-dovecot-solr | grep -B1 CPANEL-39455 * Fri Dec 15 2021 Tim Mullin <email@example.com> - 8.8.2-4.cp1180 - CPANEL-39455: Add mitigation for CVE-2021-44228
You can execute below command to install patch on cPanel server:
yum update cpanel-dovecot-solr