AtScale Mitigation Procedures for CVE-2021-44228

Summary

To remediate the potential impact of CVE-2021-44228, which affects Apache Log4j2 versions 2.0 through 2.14.1 (Note: log4j1.X is not affected), AtScale recommends that all customers running AtScale 2020.4.0 or later execute the procedures in this document.

 

Impacted AtScale Software Versions

CVE-2021-44228 impacts all versions of AtScale software.

Note: This document applies to AtScale versions 2020.4.0 and later. Customers running AtScale versions earlier than 2020.4.0 should open a case with AtScale Technical Services for additional instructions.

AtScale Software Versions Covered by this Document: 

  • 2021.3.0, 2021.3.1

  • 2021.2.0

  • 2021.1.0, 2021.1.1

  • 2020.5.0, 2020.5.1, 2020.5.2

  • 2020.4.0, 2020.4.1

For other AtScale versions, please open a case with AtScale Technical Support for additional instructions.

In addition:

  • Customers running AtScale version 2021.1, 2021.2, or 2021.3 and using the AtScale Impala Driver to connect to an Impala SQL engine will need an updated driver from AtScale.  Please open a case with AtScale Technical Support for additional instructions if this scenario applies to you.

  • Customers connecting to a Databricks Data Warehouse will need an updated driver from AtScale.  Please open a case with AtScale Technical Support for additional instructions if this case applies to you.

Requirements

This procedure contains a script that can be executed on AtScale nodes to detect and remove files impacted by CVE-2021-44228.  To run this script, the following Linux packages will need to be present or installed:

  • zip

  • awk 

  • sed

  • unzip

The script will check for the presence of these packages and will not execute if any of them is not installed.
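As an added illustration (not AtScale's log4jfix script, which is distributed in the bulletin linked below), the following read-only audit checks for the four required tools and lists log4j-core jars whose file-name version falls in the 2.0 through 2.14.1 range stated in the Summary. The JndiLookup class path comes from Apache's published Log4j mitigation; the function names and the directory argument are assumptions.

```bash
#!/usr/bin/env bash
# Added example: read-only audit. This is NOT AtScale's log4jfix script.

REQUIRED_TOOLS="zip awk sed unzip"   # packages the Requirements list names
# Class path from Apache's published Log4j mitigation (not from this page).
JNDI_CLASS="org/apache/logging/log4j/core/lookup/JndiLookup.class"

# Print every tool in the argument list that is not on PATH.
missing_tools() {
  for tool in "$@"; do
    command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
  done
}

# Print the version embedded in a log4j-core jar name (nothing if no match).
jar_version() {
  basename "$1" | sed -n 's/^log4j-core-\([0-9][0-9.]*[0-9]\)\.jar$/\1/p'
}

# Succeed when the version lies in 2.0 .. 2.14.1, the range this page states.
in_affected_range() {
  printf '%s\n' "$1" | awk -F. '{
    maj = $1 + 0; min = $2 + 0; pat = $3 + 0
    ok = (maj == 2 && (min < 14 || (min == 14 && pat <= 1)))
    exit !ok
  }'
}

# Report in-range jars under a directory and whether JndiLookup is still inside.
audit_dir() {
  find "$1" -type f -name 'log4j-core-*.jar' 2>/dev/null |
  while IFS= read -r jar; do
    ver=$(jar_version "$jar")
    in_affected_range "$ver" || continue
    listing=$(unzip -l "$jar" 2>/dev/null) ||
      { printf 'UNREADABLE %s\n' "$jar"; continue; }
    case "$listing" in
      *"$JNDI_CLASS"*) printf 'AFFECTED %s %s\n' "$ver" "$jar" ;;
      *)               printf 'CLASS-REMOVED %s %s\n' "$ver" "$jar" ;;
    esac
  done
}

# Runs only when a directory is given (hypothetical usage: ./audit.sh /opt/app).
if [ "$#" -gt 0 ]; then
  missing=$(missing_tools $REQUIRED_TOOLS)
  [ -z "$missing" ] || { echo "missing tools:" $missing >&2; exit 2; }
  audit_dir "$1"
fi
```

Jars bundled inside other archives are not inspected by this sketch, and a jar whose file name carries no version is skipped.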

 

PRE-CHECK before running the log4jfix script

Please review the following before running the log4jfix script in your AtScale environment:

Step 1

Check to ensure your AtScale Environment is running AtScale version 2020.4.0 or greater. 

If YES, you are running AtScale 2020.4 or greater, proceed to Step 2.

If NO, and you are running an older release of AtScale, then STOP.  Please open a case with AtScale support for further instructions.

Step 2

If both of the following are true, you must contact AtScale and open a case before proceeding:

  • You are running AtScale 2021.1, 2021.2, or 2021.3, AND
  • You are connecting to an Impala SQL Engine using an Impala driver (see picture below).

If YES, and you are using an Impala driver to connect to Impala, STOP. Please open a case with AtScale support for further instructions.  AtScale Support will need to provide you with a new, updated driver.

If NO, and you are NOT using a connection to Impala or your connection to Impala is using a different driver (most customers use a hiveserver2 driver), proceed to Step 3.

Step 3

Are you connecting AtScale to a Databricks Data Warehouse?

If YES, and you are connecting AtScale to a Databricks data warehouse, STOP. Please open a case with AtScale support for further instructions. AtScale Support will need to provide you with a new, updated driver.

If NO, and you are NOT connecting AtScale to a Databricks data warehouse, proceed to Step 4.

Link to Download the Procedures and Script

Please click on the following link to download the Procedure and Script:

https://s3.us-west-1.amazonaws.com/files.atscale.com/shared/Technical+Bulletin+for+CVE-2021-44228_V2_17DEC2021.pdf
