vCenter

 View Only
Expand all | Collapse all

CVE-2021-44228 Vmon log4J Issue

Pascal311

Pascal311Dec 16, 2021 12:58 PM

  • 1.  CVE-2021-44228 Vmon log4J Issue

    Posted Dec 16, 2021 10:17 AM

    Hello

    when i run "C:\Program Files\VMware\vCenter Server\python\python.exe" vMON.py I have an error message, could someone help ?

    Thanks

    Pascal

    c:\Utils>"C:\Program Files\VMware\vCenter Server\python\python.exe" vMON.py

    Traceback (most recent call last):

      File "vMON.py", line 14, in <module>

        content = json.load(f)

      File "C:\Program Files\VMware\vCenter Server\python\lib\json\__init__.py", lin

    e 268, in load

        parse_constant=parse_constant, object_pairs_hook=object_pairs_hook, **kw)

      File "C:\Program Files\VMware\vCenter Server\python\lib\json\__init__.py", lin

    e 319, in loads

        return _default_decoder.decode(s)

      File "C:\Program Files\VMware\vCenter Server\python\lib\json\decoder.py", line

     339, in decode

        obj, end = self.raw_decode(s, idx=_w(s, 0).end())

      File "C:\Program Files\VMware\vCenter Server\python\lib\json\decoder.py", line

     357, in raw_decode

        raise JSONDecodeError("Expecting value", s, err.value) from None

    json.decoder.JSONDecodeError: Expecting value: line 29 column 9 (char 2251)



  • 2.  RE: CVE-2021-44228 Vmon log4J Issue

    Posted Dec 16, 2021 10:33 AM

    Thread reported, asking a moderator to move it to the area for vCenter Server.

     



  • 3.  RE: CVE-2021-44228 Vmon log4J Issue

    Posted Dec 16, 2021 12:58 PM


  • 4.  RE: CVE-2021-44228 Vmon log4J Issue

    Posted Dec 16, 2021 02:13 PM

    Did you change path, I got same issue after following this issue resolved

    • Step 3: Execute the python script named vMON.py attached to this KB article 
    The script can be executed from any path using the following command:

    C:\%VMWARE_PYTHON_BIN% vMON.py

    Note: If you have issues with running the script in Windows, run the following:

    echo "%VMWARE_PYTHON_BIN%"

    Use the resulting value for the path to python.exe. For example: 
    "C:\Program Files\VMware\vCenter Server\python\python.exe" vMON.py

     

    Refer this KB

    https://kb.vmware.com/s/article/87096

     



  • 5.  RE: CVE-2021-44228 Vmon log4J Issue

    Posted Dec 16, 2021 03:03 PM

    I need some help; we only need the validation portion to take in the separate script. This will be used for daily running tasks until a patch is provided. Can somebody help me with it.
    Thanks



  • 6.  RE: CVE-2021-44228 Vmon log4J Issue

    Posted Dec 17, 2021 04:33 AM

      Hi  I have tried the same error which occurred 

     

    C:\>"C:\Program Files\VMware\vCenter Server\python\python.exe" vMON.py

    Traceback (most recent call last):

      File "vMON.py", line 14, in <module>

        content = json.load(f)

      File "C:\Program Files\VMware\vCenter Server\python\lib\json\__init__.py", lin

    e 268, in load

        parse_constant=parse_constant, object_pairs_hook=object_pairs_hook, **kw)

      File "C:\Program Files\VMware\vCenter Server\python\lib\json\__init__.py", lin

    e 319, in loads

        return _default_decoder.decode(s)

      File "C:\Program Files\VMware\vCenter Server\python\lib\json\decoder.py", line

     339, in decode

        obj, end = self.raw_decode(s, idx=_w(s, 0).end())

      File "C:\Program Files\VMware\vCenter Server\python\lib\json\decoder.py", line

     357, in raw_decode

        raise JSONDecodeError("Expecting value", s, err.value) from None

    json.decoder.JSONDecodeError: Expecting value: line 29 column 9 (char 2251)

     


  • 7.  RE: CVE-2021-44228 Vmon log4J Issue

    Posted Dec 17, 2021 10:24 AM

    Rajeev

    yes i tried, and i have this error message

    I don't know what to do more honestly

    Cordially

    Pascal



  • 8.  RE: CVE-2021-44228 Vmon log4J Issue

    Posted Dec 17, 2021 03:20 PM

    I hade the same errors, but, the script actual work, i can see that it did modufy alle the JSON files with the added agrument.



  • 9.  RE: CVE-2021-44228 Vmon log4J Issue

    Posted Dec 19, 2021 01:46 PM

    AllanKjaer

    Are you sure files are modified ? which files you verified ?

    Thank you

    Cordially

    Pascal



  • 10.  RE: CVE-2021-44228 Vmon log4J Issue

    Posted Dec 19, 2021 05:19 PM

    Just look in the python script. it searches for the evironment varible "VMWARE_CFG_DIR" and modifies the json files, it adds this "-Dlog4j2.formatMsgNoLookups=true" line to the "StartCommandArgs" section. 



  • 11.  RE: CVE-2021-44228 Vmon log4J Issue

    Posted Dec 20, 2021 01:22 PM

    Not in vsphere-ui.json, this file is not modified for me



  • 12.  RE: CVE-2021-44228 Vmon log4J Issue

    Posted Dec 21, 2021 10:05 AM

    I have advised my customer to check and do the change in the file manual.



  • 13.  RE: CVE-2021-44228 Vmon log4J Issue

    Posted Dec 21, 2021 03:29 PM

    I'm facing the same error when I running vMon.py.



  • 14.  RE: CVE-2021-44228 Vmon log4J Issue

    Posted Dec 21, 2021 03:36 PM

    Try looking at the KB again, they have updated it, and you can now run another script, instead of the 2.

    https://kb.vmware.com/s/article/87096



  • 15.  RE: CVE-2021-44228 Vmon log4J Issue

    Posted Dec 21, 2021 03:46 PM

    thank you for your reply, I will perform that file before and then I let you know the results. thanks a lot



  • 16.  RE: CVE-2021-44228 Vmon log4J Issue

    Posted Dec 21, 2021 04:17 PM

    I´ve performed the vc_log4j_mitigator.py file and was completed with success! 10 files was found and fixed! now I got a message error during the service start...
    Log file: D:\ProgramData\VMware\vCenterServer\logs\vmsa-2021-0028_2021_12_21_16_02_21.log
    ===========================
    2021-12-21T13:05:57 INFO start: starting services
    2021-12-21T13:05:57 DEBUG run_command: Running command: ['D:\\Program Files\\VMware\\vCenter Server\\bin\\service-control.bat', '--start', '--all']
    2021-12-21T13:13:33 DEBUG run_command: Done running command
    2021-12-21T13:13:33 ERROR run_command: RC = 1
    Stdout = b'Operation not cancellable. Please wait for it to finish...\r\nPerforming start operation on service vmware-cis-config...\r\nSuccessfully started service vmware-cis-config\r\nPerforming start operation on service VMWareAfdService...\r\nSuccessfully started service VMWareAfdService\r\nPerforming start operation on service VMWareDirectoryService...\r\nSuccessfully started service VMWareDirectoryService\r\nPerforming start operation on service VMWareCertificateService...\r\nSuccessfully started service VMWareCertificateService\r\nPerforming start operation on service VMwareIdentityMgmtService...\r\nSuccessfully started service VMwareIdentityMgmtService\r\nPerforming start operation on service VMwareSTS...\r\nSuccessfully started service VMwareSTS\r\nPerforming start operation on service VMwareDNSService...\r\nSuccessfully started service VMwareDNSService\r\nPerforming start operation on profile: ALL...\r\nSuccessfully started service vmon\r\n'
    Stderr = b'Service-control failed. Error: Failed to start services in profile ALL. RC=1, stderr=Failed to start eam, vapi-endpoint, vmware-vpostgres, vpxd-svcs, vsphere-client, vsphere-ui services. Error: Operation timed out\r\r\n\r\n'
    2021-12-21T13:13:33 ERROR start: error occurred while trying to start services