Tip for the weekend – scanning for Log4j vulnerabilities

Topic

New Reply

Video here I wrote about this the other day in the newsletter to check your computer for the Log4j2 vulnerability. So far the good news is that I’ve n
[See the full post at: Tip for the weekend – scanning for Log4j vulnerabilities]

Susan Bradley Patch Lady/Prudent patcher

3 users thanked author for this post.

GreatAndPowerfulTech, Microfix, Alex5723

Reply | Quote

Replies

And…not forgetting the log4jscanner for Linux and MacOS which is available over on: https://github.com/Qualys/log4jscanlinux

Select green [Code] button then download .zip file

see linked webpage for instructions

Supported platforms: Linux(RHEL, CentOS, Ubuntu, Debian, Amazon Linux, and OEL), MacOS, AIX, and Solaris
Supported architectures: x64, ARM(Linux)

If debian is good enough for NASA...

2 users thanked author for this post.

Susan Bradley, Fred

Reply | Quote

Interesting. So what does Partially Successful mean?

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

Reply | Quote

Good question just rerunning in a command prompt as just executing the exe does not leave the window open . 18 seconds sounds WAY too fast.

🍻

Just because you don't know where you are going doesn't mean any road will get you there.

Reply | Quote

I had that on a machine, it just meant that there was a file it couldn’t read, not necessarily that it found anything.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

LanSweeper has added a couple of reports to point out problematic software.

Only vulnerability I found on my network was APC PowerChute Business edition.

Reply | Quote

any comments on the Log4jRemediate program?
I found a bunch of Android SDK, studio stuff had vuls but nothing that normally runs on my home computer. (or that I have even looked at in years)

🍻

Just because you don't know where you are going doesn't mean any road will get you there.

Reply | Quote

I didn’t want to fix/remediate, I wanted my vendor to do it.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

Thanks for this version, which is much easier to use than the earlier ones you’ve mentioned. For vendor software, we can add IBM SPSS 26 for Windows to the list with vulnerabilities (three instances). There’s no obvious web exposure for this software on my machines, so I’ll wait for the next version unless a patch somehow appears before.

Reply | Quote

It is probably best to redirect to a text file which will make it easier to read once it is finished. Putting the scanner on a network share with a BAT file to call it will make it even easier to run on multiple machines. Just right click the BAT and Run as administrator.

Code:

\\SERVER\SHARE$\Log4jScanner\x64\Log4jScanner.exe > c:\%COMPUTERNAME%_log4jscanner_results.txt

Reply | Quote

Seems there is something buggy with the program. First, it spontaneously closes the command window without even giving the summary report that it’s suppose to.  Mine found a few vulnerabilities in a Steam folder but then crashed without creating any summary. I tried it again by piping to a text file, but the text file remained at zero bytes, not even showing the items it did find.

If it crashes because of some file it couldn’t read, how am I to trust that it scanned all my harddrives? I have two internal 4TB backup drives that could not possibly be scanned in the short amount of time before log4jscanner crashed.

Win10 Pro x64 22H2, Win10 Home 22H2, Linux Mint + a cat with 'tortitude'.

Reply | Quote

Got it to work by making sure I unzipped the whole Log4jScannerRemediate-2.0.2.7.zip file into a directory. I had previously only extracted the log4jscanner.exe file.

Seems it needs to have the Log4jRemediate.exe file available in the same directory to properly create a summary and not close the command window.

Win10 Pro x64 22H2, Win10 Home 22H2, Linux Mint + a cat with 'tortitude'.

Reply | Quote