Zero Day Exploit Log4Shell

23/12/2021

The zero-day exploit Log4Shell in the Java logging library Log4j has also affected some systems at RWTH Aachen University. These include basic services for teaching and collaboration, which are essential, especially in times of home office and online teaching.

As a first immediate measure after the vulnerability was disclosed on December 10, 2021, the IT Center systems that were at risk were reviewed and appropriate measures were initiated. This included shutting down individual systems, such as Coscine, DigitalArchive, GigaMove, GitLab and the RWTH streaming server (Opencast).

After the manufacturers provided information on security-relevant Java settings and patches to close the vulnerability, these were immediately applied to the production systems. In all cases, this was preceded by a successful check in the test system. However, because the situation was so new and so critical, not all configurations and patches proved to be sufficiently effective, so new updates were provided regularly.

The current updates have now been applied to all affected systems, and the corresponding services were reactivated on 20.12.2021 and 21.12.2021 respectively. The order in which the systems were reactivated was based not only on their priority for teaching and university operations, but also on the vulnerability of the respective system and the availability of the necessary patches.

For more information on the zero-day exploit Log4Shell, please visit the BSI website.

A chronology of what happened

21.12.2021 Reactivation of the RWTH streaming server (Opencast)
20.12.2021 Restart of Coscine, DigitalArchive, GigaMove and GitLab
16.12.2021 Shutdown of the RWTH streaming server (Opencast)
14.12.2021 Partial commissioning of GitLab
13.12.2021 Shutdown of Coscine, DigitalArchive, GigaMove, GitLab
11.12.2021 Full access to RWTHonline provided
10.12.2021 Zero-day exploit Log4Shell is revealed: start of scan of vulnerable systems at the IT Center and restriction of access to RWTHonline