Log4J security patch update for PMC 2.7.0 and PMC 2.9.0 deployments


A new security flaw, known as ‘Log4Shell’, is a critical vulnerability affecting millions of applications and devices across the globe. Log4Shell is a software vulnerability in Apache Log4j, a popular Java library for logging error messages in applications. The vulnerability, initially published as CVE-2021-44228, enables a remote attacker to take control of a device on the internet if the device is running certain versions of Log4j.

NComputing strongly recommends that customers update to the latest PMC 2.9.4 version, or apply the corresponding PMC security patch update if PMC 2.7.0 or PMC 2.9.0 is already deployed.

PMC 2.9.4 and PMC security patches for PMC 2.7.0 and PMC 2.9.0 address the following ‘Log4Shell’ vulnerabilities:
  1. CVE-2021-44832 (new security patch included in 2.9.4 release - based on latest Apache security update released on Dec. 28, 2021)
  2. CVE-2021-45105 (existing security patch carried over from previous 2.9.3 release)
  3. CVE-2021-45046 (existing security patch carried over from previous 2.9.3 release)
  4. CVE-2021-44228 (existing security patch carried over from previous 2.9.3 release)

If you are planning a new PMC deployment, please use PMC version 2.9.4 or higher, which is available in the NComputing Management Portal (link here) or on Azure Marketplace (link here).

If you already have PMC 2.7.0 or PMC 2.9.0 deployed, please follow this KB article to apply PMC security patches to upgrade to PMC 2.7.1 and PMC 2.9.4, respectively:

Link to PMC 2.7.1 security patch for PMC 2.7.0:

Link to PMC 2.9.4 security patch for PMC 2.9.0:
https://fpesek.s3.us-west-1.amazonaws.com/CVE-2021-44832-2.9.0-to-2.9.4%2Bssh-patch.zip
 
Follow the procedure below to apply the PMC security patch update to your existing PMC 2.7.0 or 2.9.0 deployment:

1. (Optional, but recommended) Make a snapshot of the PMC VM.

2. Connect to PMC with SSH (e.g. PuTTY) and log on as the ‘root’ user. If you did not change the ‘root’ user password according to the suggestion from PMC Release Notes, then the default ‘root’ user password is ‘pmcadmin’.

3. Change the directory to ‘/tmp’ and create the ‘patch’ folder there. Then change the directory to the newly created one:
            cd /tmp
            mkdir patch
            cd patch

4. Use SCP (e.g. WinSCP) to copy the zipped patch file (‘CVE-2021-44832-2.7.0-to-2.7.1+ssh-patch.zip’ or ‘CVE-2021-44832-2.9.0-to-2.9.4+ssh-patch.zip’) to the ‘/tmp/patch’ folder on the PMC server.

5. In the SSH session, execute the following command to unzip the patch file for PMC 2.7.0 or PMC 2.9.0, respectively:
            unzip -j CVE-2021-44832-2.7.0-to-2.7.1+ssh-patch.zip
            unzip -j CVE-2021-44832-2.9.0-to-2.9.4+ssh-patch.zip

6. In the SSH session, execute the following command to set proper permissions on the patch script:
            chmod +x apply-pmc-patch.sh

7. Execute the patch script:
            ./apply-pmc-patch.sh

8. Type ‘yes’ to confirm you want to proceed, when asked.
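
A post-patch check, added here as an example (it is not part of the NComputing patch or of this KB procedure): it lists every `log4j-core-<version>.jar` under a directory and flags versions below the Apache releases that fix CVE-2021-44832 (2.17.1, or 2.12.4 / 2.3.2 on the Java 7 / Java 6 branches). It assumes Log4j is present as standalone jar files named that way; the PMC installation path is not given on this page, so the scan root is a parameter, and copies bundled inside other archives are not seen.

```shell
#!/bin/sh
# Added example: classify log4j-core jars by the version in their file name.
# Fixed releases for CVE-2021-44832 per Apache: 2.17.1, 2.12.4, 2.3.2.

# log4j_status VERSION -> prints: fixed | needs-update | unknown
log4j_status() {
    v=${1%%-*}                       # drop qualifiers such as -beta9
    case $v in *.*) ;; *) echo unknown; return 0 ;; esac
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    if [ "$patch" = "$rest" ]; then patch=0; fi   # "2.17" has no patch field
    for n in "$major" "$minor" "$patch"; do
        case $n in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    done
    if [ "$major" -ne 2 ]; then echo unknown; return 0; fi
    if [ "$minor" -gt 17 ] ||
       { [ "$minor" -eq 17 ] && [ "$patch" -ge 1 ]; } ||
       { [ "$minor" -eq 12 ] && [ "$patch" -ge 4 ]; } ||
       { [ "$minor" -eq 3 ] && [ "$patch" -ge 2 ]; }; then
        echo fixed
    else
        echo needs-update
    fi
}

# scan_log4j DIR -> one line per jar: "<status> <version> <path>"
scan_log4j() {
    find "${1:-/}" -xdev -type f -name 'log4j-core-*.jar' 2>/dev/null |
    while IFS= read -r jar; do
        ver=$(basename "$jar" .jar)
        ver=${ver#log4j-core-}
        printf '%s %s %s\n' "$(log4j_status "$ver")" "$ver" "$jar"
    done
}

# Run a scan only when a directory is passed on the command line.
if [ "$#" -gt 0 ]; then
    scan_log4j "$1"
fi
```

Run it as root with the directory to scan as the only argument. An empty result means no file matching that name pattern was found, not that Log4j is absent.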


