Admins urged to patch SolarWinds Serv-U against Log4j bug

IT administrators whose firms use SolarWinds’ Serv-U file transfer application are being urged to install an update after the discovery of a Log4j2 vulnerability.

Microsoft, which discovered the bug (CVE-2021-35247), described it as an “input validation vulnerability that could allow attackers to build a query given some input and send that query over the network without sanitation.”

The discovery came when Microsoft saw suspicious attacks during its ongoing monitoring of threats taking advantage of the Log4j2 vulnerabilities.

SolarWinds issued an update for Serv-U, version 15.3, to patch the bug. It said the Serv-U web login screen for LDAP authentication was allowing characters that were not sufficiently sanitized. The fix updates the input mechanism to perform additional validation and sanitization.

“No downstream effect has been detected as the LDAP servers ignored improper characters,” SolarWinds added.
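The kind of validation and sanitization described above can be sketched as follows. This is an added example, not SolarWinds' code: it checks a login-form username against an allowlist, flags Log4j-style lookup tokens, and escapes LDAP filter metacharacters per RFC 4515. The username policy, the `uid` attribute, the `person` object class and the function names are all assumptions.

```python
import re
from typing import Tuple

# RFC 4515 escapes for characters with special meaning in an LDAP search filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Assumed policy: login names are 1-64 chars of letters, digits and . _ @ -
_ALLOWED_USERNAME = re.compile(r"[A-Za-z0-9._@-]{1,64}")

# Opening of a Log4j-style lookup such as "${jndi:"; never valid in a login name.
_LOOKUP_TOKEN = re.compile(r"\$\{")


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def check_username(raw: str) -> Tuple[bool, str]:
    """Return (accepted, reason) for a username submitted to a login form."""
    if _LOOKUP_TOKEN.search(raw):
        return False, "lookup-token"          # worth alerting on, not just rejecting
    if not _ALLOWED_USERNAME.fullmatch(raw):
        return False, "disallowed-characters"
    return True, "ok"


def build_user_filter(raw: str) -> str:
    """Validate first, then escape anyway, before building the filter."""
    accepted, reason = check_username(raw)
    if not accepted:
        raise ValueError(f"username rejected: {reason}")
    # Assumed directory schema: objectClass=person, login attribute uid.
    return f"(&(objectClass=person)(uid={escape_filter_value(raw)}))"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from real traffic.
    for sample in ["alice", "al*ce)(uid=*", "${jndi:ldap://example.invalid/x}"]:
        print(repr(sample), check_username(sample))
```

Escaping is kept even after the allowlist check, so a later loosening of the username policy does not reopen the filter to metacharacters.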

Separately, a researcher at Akamai discovered evidence in a captured binary that the Mirai botnet is trying to exploit the Log4j2 vulnerability in network devices made by Zyxel.

However, he added, the LDAP server where the exploit was hosted was no longer active when researchers attempted to download the Java payload class.

“It could be that Zyxel was specifically targeted since they published a blog stating they were impacted by the log4j vulnerability,” blog author Larry Cashdollar said. Of all its products, only the company’s NetAtlas Element Management System is vulnerable. Zyxel issued a hotfix on Dec. 20, 2021, and full patches will be available at the end of February.

“The interesting thing about this malware is if you have automated string extraction utilities for malware samples that log to a vulnerable Log4j instance, this payload could execute,” he added. “Doing so could possibly, depending on your setup, infect your malware analysis system. Again, patching your vulnerable systems is the key here to protect your servers from compromise.”


Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
