log4j CVE-2021-44228 vulnerability and fix

This post discusses a critical vulnerability in an Apache code library called Log4j. Indexed as CVE-2021-44228, the flaw is a remote code execution (RCE) vulnerability that allows an attacker to run code of their choice on an affected server. It affects the majority of cPanel servers. If you are using the cPanel Solr plugin, you need to uninstall it for the moment, as it is potentially vulnerable.

As it can cause major issues in the future, follow the steps below to identify whether it is present on the server.

-> Log in to the server and run the command below from a terminal:

 rpm -q --changelog cpanel-dovecot-solr | grep -B1 CPANEL-39455

The command prints a result only if the CPANEL-39455 entry is present in the package changelog. In that case the output looks like the following:

*****************************************************************
Code:
 
# rpm -q --changelog cpanel-dovecot-solr | grep -B1 CPANEL-39455
* Fri Dec 10 2021 Tim Mullin <tim@cpanel.net> - 8.8.2-4.cp1180
- CPANEL-39455: Add mitigation for CVE-2021-44228
******************************************************************
As a preliminary fix, we can apply the following on the cPanel server.

1. Update cPanel by running upcp:

/scripts/upcp

2. Alternatively, you can update just the cpanel-dovecot-solr RPM via YUM as the root user with the following command:

yum update cpanel-dovecot-solr

The cPanel Solr plugin is the only software provided and supported by cPanel that contains log4j.
If cpanel-dovecot-solr is not on the server, then it will be fine.
No other cPanel-provided packages are affected by this vulnerability and if cpanel-dovecot-solr is not installed there are no further steps needed.
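
The check and fix steps above, combined into one script as an added example (not cPanel's own tooling): it reports whether cpanel-dovecot-solr is absent, already carries the CPANEL-39455 changelog entry, or still needs the update. The function names, status strings and the older sample changelog are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and the "older" changelog are constructed.
PKG=cpanel-dovecot-solr
CASE_ID=CPANEL-39455

# Print the package build whose changelog entry mentions $CASE_ID (the header
# line that grep -B1 shows); print nothing when there is no such entry.
mitigation_build() {
    awk -v id="$CASE_ID" '
        /^\* /        { build = $NF }        # "* date packager - build"
        index($0, id) { print build; exit }
    '
}

# Classify changelog text read from stdin.
classify_changelog() {
    build=$(mitigation_build)
    if [ -n "$build" ]; then
        echo "mitigated:$build"
    else
        echo "needs-update"      # run /scripts/upcp or yum update $PKG
    fi
}

# Query the local RPM database; always returns 0 so it is safe in scripts.
check_server() {
    if ! command -v rpm >/dev/null 2>&1; then
        echo "rpm-not-available"
    elif ! rpm -q "$PKG" >/dev/null 2>&1; then
        echo "not-installed"     # no further steps needed
    else
        rpm -q --changelog "$PKG" | classify_changelog
    fi
}

# Sample taken from the output shown on this page.
SAMPLE_PATCHED='* Fri Dec 10 2021 Tim Mullin <tim@cpanel.net> - 8.8.2-4.cp1180
- CPANEL-39455: Add mitigation for CVE-2021-44228'
# Constructed sample of a package that predates the mitigation.
SAMPLE_OLD='* Mon Nov 01 2021 Example Packager <packager@example.com> - 0.0.0-1.example
- EXAMPLE-0001: constructed entry without the mitigation'

echo "patched sample: $(printf '%s\n' "$SAMPLE_PATCHED" | classify_changelog)"
echo "old sample:     $(printf '%s\n' "$SAMPLE_OLD" | classify_changelog)"
echo "this server:    $(check_server)"
```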