13. 12. 2021 Thomas Forrer Bug Fixes, NetEye

NetEye 4 APM, Log and SIEM Module – Security Advisory

Synopsis

Important: Elasticsearch and Logstash security updates

Type/Severity

Security Advisory: Important

Topic

An update for Logstash and Elasticsearch is now available for NetEye 4.20 and 4.21.

NetEye Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Elasticsearch is a distributed, RESTful search and analytics engine. Logstash is a dynamic data collection and transformation pipeline with an extensible plugin ecosystem. Both are the core components of the NetEye 4 APM, Log and SIEM modules.

Elasticsearch and Logstash rely on the Log4j2 library for writing their logs.

Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

Security Fix(es) for NetEye 4.20:

  • elasticsearch, elasticsearch-autosetup, elasticsearch-neteye-config, elasticsearch-xpack-license, kibana, kibana-autosetup, kibana-neteye-config, logstash, logstash-autosetup, logstash-neteye-config, logstash-neteye-config-autosetup, filebeat, filebeat-autosetup, filebeat-neteye-config, apm-server, apm-server-neteye-config, apm-server-autosetup, elastic-agent, elastic-agent-neteye-config to version 7.12.1_neteye3.32.8-1.

Security Fix(es) for NetEye 4.21:

  • elasticsearch, elasticsearch-autosetup, elasticsearch-neteye-config, elasticsearch-xpack-license, kibana, kibana-autosetup, kibana-neteye-config, logstash, logstash-autosetup, logstash-neteye-config, logstash-neteye-config-autosetup, filebeat, filebeat-autosetup, filebeat-neteye-config, apm-server, apm-server-neteye-config, apm-server-autosetup, elastic-agent, elastic-agent-neteye-config to version 7.15.0_neteye3.35.4-1.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to the NetEye Update Section inside the User Guide.

After installing the updated packages, the elasticsearch and logstash daemons will be restarted automatically.

Mitigation for NetEye versions < 4.20

Add -Dlog4j2.formatMsgNoLookups=true directive to the bottom of both the /neteye/local/elasticsearch/conf/jvm.options and /neteye/shared/logstash/conf/jvm.options files.

Remove the jndiLookup class from the log4j jar package used by logstash by executing the following command:
zip -q -d /usr/share/logstash/logstash-core/lib/jars/log4j-core-2.* org/apache/logging/log4j/core/lookup/JndiLookup.class

If you are running a NetEye cluster, ensure you perform these steps on every cluster node.

Finally, restart both the logstash and elasticsearch instances.

Affected Products

All NetEye 4.x versions prior to and including 4.21.

Fixes

CVEs

References

Thomas Forrer

Thomas Forrer

Team Leader Research & Development at Würth Phoenix
Hi folks! I began loving computer since 1994, it was still the time of windows 3.1. Immediately I learned starting DOS games from the command promt, and while typing some white text on black background I felt like some hackish dude in a hollywoodian movie. Later during the studies at the university, I discovered the magic world of opensource, and it was love at first sight. Finally I got rid of BSOD's =) I love everything that is connected to some network, especially in a security perspective. My motto is: "With motivation, nothing is impossibile. It only requires more time."

Author

Thomas Forrer

Hi folks! I began loving computer since 1994, it was still the time of windows 3.1. Immediately I learned starting DOS games from the command promt, and while typing some white text on black background I felt like some hackish dude in a hollywoodian movie. Later during the studies at the university, I discovered the magic world of opensource, and it was love at first sight. Finally I got rid of BSOD's =) I love everything that is connected to some network, especially in a security perspective. My motto is: "With motivation, nothing is impossibile. It only requires more time."

Latest posts by Thomas Forrer

20. 09. 2021 ctf-writeups, SEC4U
RomHack CTF 2021: Table of Contents Writeup
02. 08. 2021 Downloads / Release Notes, NetEye, Unified Monitoring
NetEye 4.19 Release Notes
03. 06. 2021 Downloads / Release Notes, NetEye, Unified Monitoring
NetEye 4.18 Release Notes
01. 04. 2021 Downloads / Release Notes, NetEye, Unified Monitoring
NetEye 4.17 Release Notes
01. 02. 2021 Downloads / Release Notes, NetEye, Unified Monitoring
NetEye 4.16 Release Notes
See All

Related Content

Tags: ,

04. 04. 2024 Bug Fixes

Important GLPI Agent 1.7.3 Security Advisory

Type/Severity Security Advisory: High Topic There is a security update for GLPI Agent Description This version specifically fixes 2 critical security issues related to MSI packaging on Windows: CVE-2024-28240: A local user could modify the GLPI Agent configuration to gain Read More
01. 08. 2023 Bug Fixes, NetEye

NetEye 4 – Security Advisory

Synopsis Important: GLPI security update Type/Severity Security Advisory: Important Topic An update for the package glpi is now available for NetEye 4. NetEye Product Security has rated this update as having a security impact of Important. Common Vulnerability Scoring System Read More
01. 08. 2023 Bug Fixes, NetEye

NetEye 4 – Security Advisory

Synopsis Important: lampod security update Type/Severity Security Advisory: Important Topic An update for the package lampod is now available for NetEye 4. NetEye Product Security has rated this update as having a security impact of Important. Common Vulnerability Scoring System Read More
12. 06. 2023 NetEye

Speeding up NetEye Updates with an RPM Mirror

When it comes to upgrading and updating NetEye, many users face a common challenge: the time required for downloading the new package versions. This process can be influenced by connection speed, the number of nodes to update, and sometimes even Read More
16. 12. 2022 Bug Fixes, NetEye

NetEye 4 Core – Security Advisory

Synopsis Important: grafana-panel-renderer security update Type/Severity Security Advisory: Important Topic An update for the package grafana-panel-renderer is now available for NetEye 4. NetEye Product Security has rated this update as having a security impact of High. Common Vulnerability Scoring System Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal

Archive