Logit.io Log4Shell Security Update

Learn how Logit.io responded to the CVE-2021-4422 and CVE-2021-45046 security vulnerability

Summary

This blog post provides a summary of CVE-2021-44228 and CVE-2021-45046 and provides details of the steps that have been taken by Logit.io to mitigate the exploitation of the vulnerability.

Please be aware that Apache is publishing security updates that should also be considered by your security teams. This post is accurate from December 15th 2021 & we will provide further updates to this post as we learn more.

Logit.io Log4J2 Security Update (CVE-2021-44228 & CVE-2021-45046)

On the 9th of December, 2021, a remote code vulnerability affecting Apache's Log4J2 library was revealed publicly, having been reported under the CVE ID: CVE-2021-44228. Log4j2 is an open-source logging framework present in many Java based applications on both end-user systems and servers.

The vulnerability allows exploitation through improper deserialisation of user inputs into the framework, which in turn allows for remote code execution. Attackers can ultimately leak sensitive data including environment variables or execute scripts on the target machine.

The vulnerability is also known as Log4Shell, CVE-2021-44228, and previously LogJam. In addition, no authentication is required to exploit this vulnerability, making it extremely trivial to take advantage of.

How did Logit.io respond to this vulnerability?

Our teams responded with the highest priority to vulnerability CVE-2021-44228 that was impacting multiple versions of the Apache Log4j2, these are the steps taken by our teams:

• Logit.io engineers and security incident management teams proceeded to actively analyse, identify and where necessary patch all affected log4j2 versions across all Logit.io Logstash and Elasticsearch instances.

• We made a decision based on official remediation advice to take the most cautious approach of removing the JndiLookup class from the classpath.

• If you want to view more details in regards to this incident see our status update.

• In addition, the Logit.io security teams are using our observability platform to monitor and analyse its internal logs, and have updated our monitoring of all internal services to include active alerting of any attempts to issue remote code execution via the JndiLookup class.

We are happy to assure our users that we have not discovered any evidence of this exploit being leveraged against the Logit.io platform.

If there are any changes to the status of Log4Shell affecting the Logit.io platform this will be communicated to all of our users proactively.

If you have any questions or concerns, please reach out to us via your account manager, live chat or [email protected] and we’ll be happy to answer any questions you may have about this ongoing situation.