Hi, this is Andrea from the GSC VxRail team. Dell published a DSA regarding the Dell EMC VxRail security update for the Apache Log4j remote code execution vulnerability, CVE-2021-44228. On December 10th, 2021, a critical remote code execution vulnerability was published concerning the Apache Log4j library. VxRail is impacted by this vulnerability, and in this KB we can see fixes, workarounds and more details. Please read the KB in full as well for more details. Just remember, a very important point is that the full mitigation for VxRail requires both the VCSA workaround and the VxRail workaround. Scrolling down in the KB, we're gonna see the sections related to workarounds and mitigation.
In this video, we're gonna talk specifically about the VCSA. So we can open the VMware KB, and you can see all the details about all the components affected by this VMSA. Specifically, for the vCenter Server sections, you have the related KB. Opening the KB, we can see the workaround instructions to address this vulnerability. There is a Python script to automate the steps, as well as a manual workaround. In this video, we're gonna talk about the appliance 6.7.x workaround. Scrolling down, we can see the specific steps required.
We will have to apply a workaround on the vMon service and on the Analytics service, in case we are running version 6.7 Update 3o or an older version. We will have to apply another workaround for the CM service, the Secure Token Service and the Identity Management service, and finally verify the changes. Before performing any steps of this workaround, it is strongly suggested to take a snapshot of the vCenter, and of the PSCs if you run vCenter with an external PSC, just to avoid inconsistency in case of linked mode. And in the case, for example, of a VCF and VxRail environment, we strongly suggest you shut down the VM first and then take a snapshot with the VM powered off.
So we log on to the host where the VM is running, we identify the VM and we shut it down. Once the VM is powered off, we can go to Actions, Snapshots, Take snapshot; we can use a meaningful name and take the snapshot. Once we confirm that the snapshot has been created correctly, we power on the VM again and start to perform the workaround. The first step is to apply the workaround on the vMon service. So the first step is to make a backup copy of the vMon java-wrapper-vmon file. I perform my copy. And for the second step, we need to update the file using the vi editor; you should be comfortable using vi. So in this case, we need to remove this specific string at the end of the file and then insert the two new strings as per the KB. So this is what we find in the original file, and this is after the update. So to perform the update, we can press Esc and then Shift+G, capital letter G.
So we can go to the end of the file. So first Esc to go into command mode and then Shift+G, and we are at the end of the file. Now we can press dd to remove the line, then press Esc again, then i to go into insert mode, and then finally :wq!. So that's what we're gonna do right now. Just Esc and then dd to remove the line, then press i for insert mode. Now I can copy the two strings, the updated strings, and paste them. I check that everything is correct. Then I can press Esc again, then write, quit, bang, and save the file. OK. At this point I can restart all the vCenter services. So service-control --stop --all, and I wait until all the services are stopped. And once all the services are stopped, we can restart them, and we wait a while until all the services are up and running.
Once all the services are back up and running, which we can check using the status command, we can move on to the next step. We now have to apply the workaround on the Analytics service. Just be aware that this is applicable for vCenter appliance 6.7 Update 3o and older versions only; for newer appliances, the previous workaround on vMon is sufficient. If you are not sure which version you are running, you can simply check. So on the vCenter, you can type vpxd -v and you're gonna get a build number. This build number can then be checked against the VMware KB with the build numbers and versions of VMware vCenter Server. The KB is 2143838. And if you look at the specific build number, you will see that in this case I'm running 6.7 Update 3a. So the patch is actually required, and I need to perform these steps. I make a copy of the log4j-core jar file. And once I have performed the copy, I can run this zip command to disable the class. There is no output, but in case you are not sure if the command was successful, you can rerun it. And in this case, because it was already done, there's nothing to do. So after that, we can restart the service.
The VMware Analytics service has now been restarted. So be aware that these two steps have to be applied on the vCenter, but also, in case you have an external PSC, on the PSC itself. Now we're gonna apply the workaround on the CM service. So here we need to make a copy of the log4j-core file, and then again use zip to disable the class for the CM service as well. And finally, you can stop the CM service and start it again. The next step is to apply the workaround on the Secure Token Service. This service is running on the PSC. So if you have a setup with vCenter and an external PSC, then you need to log on to the PSC to perform this step. So we always make a copy of the STSD file. So we're logged on to our PSC, I make my copy, and we edit the file. In this case, you can see that the KB is suggesting you go to around row 266, near this string. So what we can do in vi is go to this specific line and look around. In this case, we need to look for this start service action. And specifically, the KB asks you to insert a line just before this string.
This is the line that we need to add. Going back to our console, we identify the line, and we can press Esc, then i for insert, and then insert the string. So Esc, then press i to insert, and then insert the string. And now we can save the file. Once we save the file, we can restart the service: stop and start, and the service has now restarted successfully. Finally, we can perform the workaround on the Identity Management service. So we make a backup copy of the vmware-sts-idmd file. This file as well is on the PSC, so I make a copy of it. And we edit this file, same as before. We need to look for line 177, and we can see that we need to insert a line before the debug string. Press Esc, then i to go into insert mode, paste the string, realign it here to make it nice and clean, then write, quit. And we confirm the changes, and then we can restart the service: first the stop, and then the start.
Finally, it is time to verify the changes. On the vCenter, we can check if the Analytics service changes have been applied successfully; it should return zero. And for the CM service changes, it should return zero as well. So the class has been disabled. And, for example, if we want to look at whether STSD is running (in this case it's running on the PSC) to see if the change has been successful, we can look. And for example, we can see that this particular formatMsgNoLookups is actually true on stsd, on sts-idmd and so on. So it worked. Thanks a lot for listening and have a great day.
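The verification logic described above (a disabled lookup class should be counted zero times in the jar, and the Java services should carry the no-lookups setting), as an added Python example that is not part of the original video or the VMware KB. The jar contents and command lines are constructed samples; the class path and JVM flag are the standard Log4j 2 names, assumed here because the transcript does not spell them out.

```python
import io
import zipfile

# Standard Log4j 2 class and system property (assumed; not spelled out in the video).
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
NO_LOOKUPS_FLAG = "-Dlog4j2.formatMsgNoLookups=true"


def count_jndi_entries(jar_bytes: bytes) -> int:
    """Number of JndiLookup.class entries in a jar; 0 means the class is disabled."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        return sum(1 for name in jar.namelist() if name == JNDI_CLASS)


def strip_jndi_lookup(jar_bytes: bytes) -> bytes:
    """Return a copy of the jar without JndiLookup.class (safe to run twice)."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for item in src.infolist():
            if item.filename != JNDI_CLASS:
                dst.writestr(item, src.read(item.filename))
    return out.getvalue()


def has_no_lookups_flag(cmdline: str) -> bool:
    """True if a Java process command line carries the mitigation flag."""
    return NO_LOOKUPS_FLAG in cmdline.split()


def make_sample_jar() -> bytes:
    """Constructed stand-in for a log4j-core jar (placeholder contents only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr(JNDI_CLASS, b"placeholder")
        jar.writestr("org/apache/logging/log4j/core/Logger.class", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    original = make_sample_jar()
    patched = strip_jndi_lookup(original)
    print("before:", count_jndi_entries(original), "after:", count_jndi_entries(patched))
    # Constructed command lines, not captured from a real appliance.
    print(has_no_lookups_flag("java -Dlog4j2.formatMsgNoLookups=true -jar svc.jar"))
    print(has_no_lookups_flag("java -jar svc.jar"))
```

Always work on a backup copy of the jar, as the video does, before rewriting it.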