Hello Team,
We have two minions running on two EC2 instances. In our organization we use Tenable to scan all nodes for security vulnerabilities. Recently Tenable reported a vulnerability with the synthetic minion jar files. I’m adding the Tenable scan output for the minions.
Can you please help me remediate the vulnerabilities below?
• The Plugin Output displays the path of the synthetics-minion.jar file, shows which version of that jar is installed, and shows which version of the jar we need to update to in order to fix the issue. I’m not sure how to update it. Can you please help me with it? (https://www.tenable.com/plugins/nessus/155999, https://www.tenable.com/plugins/nessus/156327)
• I was planning a workaround: SSH into that host, cd into that path location, and delete the synthetics-minion.jar. Will that fix my issue, or is this not a proper solution? Please let me know.
• Can you explain why the New Relic synthetic minion nodes are reporting these two vulnerabilities?
• https://www.tenable.com/plugins/nessus/12217
• https://www.tenable.com/plugins/nessus/35450
Plugin Plugin Name Family Severity IP Address Port DNS Name NetBIOS Name Plugin Output First Discovered Last Observed Days Elapsed Notes
155999 Apache Log4j < 2.15.0 Remote Code Execution (Nix) Misc. High 100.65.16.120 0 ip-100-65-16-120.ec2.internal Plugin Output:
Path : /var/lib/docker/overlay2/223701f794aa5aa3f0c0d91b83580078f742a593b448f84da10ec730512cfa81/diff/opt/newrelic/synthetics/synthetics-minion.jar
Installed version : 2.12.1
Fixed version : 2.12.3
First Discovered: Jan 14, 2022 14:35:41 EST | Last Observed: Jan 19, 2022 14:34:57 EST | Days Elapsed: 6 | Notes: DevOps
155999 Apache Log4j < 2.15.0 Remote Code Execution (Nix) Misc. High 100.65.16.184 0 ip-100-65-16-184.ec2.internal Plugin Output:
Path : /var/lib/docker/overlay2/b473fec22eb6eee90916e0426f0e82fd434a23bfef9f255d3d436decebee08ae/diff/opt/newrelic/synthetics/synthetics-minion.jar
Installed version : 2.12.1
Fixed version : 2.12.3
First Discovered: Jan 14, 2022 14:35:41 EST | Last Observed: Jan 19, 2022 14:34:57 EST | Days Elapsed: 6 | Notes: DevOps
156327 Apache Log4j 2.0 < 2.3.2 / 2.4 < 2.12.4 / 2.13 < 2.17.1 RCE Misc. Medium 100.65.16.120 0 ip-100-65-16-120.ec2.internal Plugin Output:
Path : /var/lib/docker/overlay2/c0fd65fabc696875a29175a1008411518156a95e5a0a0a1d56aba8dafae3430c/merged/opt/newrelic/synthetics/synthetics-minion.jar
Installed version : 2.17.0
Fixed version : 2.17.1
Path : /var/lib/docker/overlay2/223701f794aa5aa3f0c0d91b83580078f742a593b448f84da10ec730512cfa81/diff/opt/newrelic/synthetics/synthetics-minion.jar
Installed version : 2.12.1
Fixed version : 2.12.4
Path : /var/lib/docker/overlay2/7daced9ea378964694ce2be63014c9e9add7d230ee7e33ed7c5309ad5a5e3383/diff/opt/newrelic/synthetics/synthetics-minion.jar
Installed version : 2.17.0
Fixed version : 2.17.1
First Discovered: Jan 14, 2022 14:35:41 EST | Last Observed: Jan 19, 2022 14:34:57 EST | Days Elapsed: 6 | Notes: DevOps
156327 Apache Log4j 2.0 < 2.3.2 / 2.4 < 2.12.4 / 2.13 < 2.17.1 RCE Misc. Medium 100.65.16.184 0 ip-100-65-16-184.ec2.internal
Path : /var/lib/docker/overlay2/b473fec22eb6eee90916e0426f0e82fd434a23bfef9f255d3d436decebee08ae/diff/opt/newrelic/synthetics/synthetics-minion.jar
Installed version : 2.12.1
Fixed version : 2.12.4
Path : /var/lib/docker/overlay2/1eef6f618d7ebf2e734d54e4d0fe18545ca7c33519558155ccebea601cdb1c1b/diff/opt/newrelic/synthetics/synthetics-minion.jar
Installed version : 2.17.0
Fixed version : 2.17.1
Path : /var/lib/docker/overlay2/42cf077911e9fd23b15d78457340550c0e171d64d0c0efa1a66d0ace1bf81e00/merged/opt/newrelic/synthetics/synthetics-minion.jar
Installed version : 2.17.0
Fixed version : 2.17.1
First Discovered: Jan 14, 2022 14:35:41 EST | Last Observed: Jan 19, 2022 14:34:57 EST | Days Elapsed: 6 | Notes: DevOps
12217 DNS Server Cache Snooping Remote Information Disclosure DNS Medium 100.65.16.214 53 ip-100-65-16-214.ec2.internal Plugin Output:
Nessus sent a non-recursive query for example.com
and received 1 answer :
93.184.216.34
First Discovered: Jan 14, 2022 14:35:41 EST | Last Observed: Jan 19, 2022 14:34:57 EST | Days Elapsed: 6 | Notes: DevOps
35450 DNS Server Spoofed Request Amplification DDoS DNS Medium 100.65.16.214 53 ip-100-65-16-214.ec2.internal Plugin Output:
The DNS query was 17 bytes long, the answer is 420 bytes long.
First Discovered: Jan 14, 2022 14:35:41 EST | Last Observed: Jan 19, 2022 14:34:57 EST | Days Elapsed: 6 | Notes: DevOps
Please let me know if you need more information.
Thanks,
Srikanth
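
An added example, not part of the original post and not New Relic or Tenable code: a Python script that parses the Path / Installed version / Fixed version triplets from the Plugin Output above and separates jars found under an overlay2 `merged` directory (the mounted filesystem of a container) from jars found under a `diff` directory (layer content stored on disk, from an image layer or a container's writable layer). The function names are hypothetical and the layer IDs in the sample are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in the "Plugin Output" layout shown in the post;
# the layer IDs are placeholders, not values from the scan.
SAMPLE = """\
Path : /var/lib/docker/overlay2/LAYER_A/merged/opt/newrelic/synthetics/synthetics-minion.jar
Installed version : 2.17.0
Fixed version : 2.17.1
Path : /var/lib/docker/overlay2/LAYER_B/diff/opt/newrelic/synthetics/synthetics-minion.jar
Installed version : 2.12.1
Fixed version : 2.12.4
Path : /var/lib/docker/overlay2/LAYER_C/diff/opt/newrelic/synthetics/synthetics-minion.jar
Installed version : 2.17.0
Fixed version : 2.17.1
"""
VER = r"\d+(?:\.\d+)*"
BLOCK = re.compile(rf"Path\s*:\s*(?P<path>\S+)\s+"
                   rf"Installed version\s*:\s*(?P<installed>{VER})\s+"
                   rf"Fixed version\s*:\s*(?P<fixed>{VER})")
OVERLAY = re.compile(r"/overlay2/(?P<layer>[^/]+)/(?P<kind>diff|merged)/(?P<inner>.+)$")

def ver(s):
    """Turn '2.12.1' into (2, 12, 1) so versions compare numerically."""
    return tuple(int(p) for p in s.split("."))

def parse_findings(text):
    """Return one dict per Path/Installed/Fixed triplet in the plugin output."""
    out = []
    for m in BLOCK.finditer(text):
        f = m.groupdict()
        o = OVERLAY.search(f["path"])
        # Paths outside overlay2 are reported as plain host files.
        f["kind"] = o["kind"] if o else "host"
        f["layer"] = o["layer"] if o else None
        f["file"] = "/" + o["inner"] if o else f["path"]
        f["outdated"] = ver(f["installed"]) < ver(f["fixed"])
        out.append(f)
    return out

def summarize(findings):
    """Group installed versions by where the jar lives (merged, diff, host)."""
    groups = defaultdict(set)
    for f in findings:
        groups[f["kind"]].add(f["installed"])
    return {k: sorted(v, key=ver) for k, v in groups.items()}

if __name__ == "__main__":
    for f in parse_findings(SAMPLE):
        print(f["kind"], f["layer"], f["installed"], "->", f["fixed"], f["file"])
```
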