Amit's Oracle DBA Blog: log4j vulnerability in OMS - 13.4

There is vulnerability in OMS 13.4 for log4j so Oracle Support suggested to apply patch (33672721)

You can see the below *2.8.2.jar* file in OMS locations.

Besides there is vulnerability from Log4j version >= 2.0 and <=2.15 version

location :-

$] cd /app/oracle/gc_inst

$ ] find . | grep -i log4j | grep jar

Before Patch:-

$ find . | grep -i log4j | grep jar

./user_projects/domains/GCDomain/servers/EMGC_OMS1/tmp/_WL_user/OCMRepeater/9ldmij/war/WEB-INF/lib/log4j-core.jar

./user_projects/domains/GCDomain/servers/EMGC_OMS1/tmp/_WL_user/emdb/r251e3/database/jet/emsaasui/emcdbms-ui/ear/APP-INF/lib/log4j-1.2.16.jar

./user_projects/domains/GCDomain/servers/EMGC_OMS1/tmp/_WL_user/emdb/r251e3/database/jet/emsaasui/emcdbms-ui/ear/APP-INF/lib/log4j-api-2.8.2.jar

./user_projects/domains/GCDomain/servers/EMGC_OMS1/tmp/_WL_user/emdb/r251e3/database/jet/emsaasui/emcdbms-ui/ear/APP-INF/lib/log4j-core-2.8.2.jar

./user_projects/domains/GCDomain/servers/EMGC_OMS1/tmp/_WL_user/emdb/r251e3/database/jet/emsaasui/emcdbms-ui/ear/APP-INF/lib/log4j-web-2.8.2.jar

./user_projects/domains/GCDomain/servers/EMGC_OMS1/tmp/_WL_user/emdb/r251e3/database/jet/emsaasui/emcdbms-ui/ear/APP-INF/lib/slf4j-log4j12-1.6.1.jar

./user_projects/domains/GCDomain/servers/EMGC_OMS1/tmp/_WL_user/log4j_jar

./user_projects/domains/GCDomain/servers/EMGC_OMS1/tmp/_WL_user/log4j_jar/tihxoi

./user_projects/domains/GCDomain/servers/EMGC_OMS1/tmp/_WL_user/log4j_jar/tihxoi/.classinfos

./user_projects/domains/GCDomain/servers/EMGC_OMS1/tmp/_WL_user/log4j_jar/tihxoi/.classinfos/.cache.ser

How to apply patch to mitigate the issue.

1)$ ./opatch version

OPatch Version: 13.9.4.2.7

2)$ cd OMSPatcher

$ ./omspatcher version

OMSPatcher Version: 13.9.4.6.0

OPlan Version: 12.2.0.1.16

3) Analyze the patch

$ pwd

/applications/oracle/OEM13.4/middleware/OMSPatcher

$ omspatcher apply -analyze /tmp/BUG_LOG4J/33672721

OMSPatcher Automation Tool

OMSPatcher version : 13.9.4.6.0

OUI version : 13.9.4.0.0

Running from : /applications/oracle/OEM13.4/middleware

Log file location : /applications/oracle/OEM13.4/middleware/cfgtoollogs/omspatcher/opatch2021-12-22_12-11-15PM_1.log

OMSPatcher log file: /applications/oracle/OEM13.4/middleware/cfgtoollogs/omspatcher/33672721/omspatcher_2021-12-22_12-11-39PM_analyze.log

Please enter OMS weblogic admin server URL(t3s://samik.oms:7101):>

Please enter OMS weblogic admin server username(weblogic):>

Please enter OMS weblogic admin server password:>

Configuration Validation: Success

Running apply prerequisite checks for sub-patch(es) "33672721" and Oracle Home "/applications/oracle/OEM13.4/middleware"...

Sub-patch(es) "33672721" are successfully analyzed for Oracle Home "/applications/oracle/OEM13.4/middleware"

Complete Summary

================

All log file names referenced below can be accessed from the directory "/applications/oracle/OEM13.4/middleware/cfgtoollogs/omspatcher/2021-12-22_12-11-15PM_SystemPatch_33672721_1"

Prerequisites analysis summary:

-------------------------------

The following sub-patch(es) are applicable:

Featureset Sub-patches Log file

---------- ----------- --------

oracle.sysman.top.oms 33672721 33672721_opatch2021-12-22_12-11-38PM_1.log

Log file location: /applications/oracle/OEM13.4/middleware/cfgtoollogs/omspatcher/33672721/omspatcher_2021-12-22_12-11-39PM_analyze.log

OMSPatcher succeeded.

Check the OMS status:

[oracle@samik.com.oem01p bin]$ ./emctl status oms -details

Oracle Enterprise Manager Cloud Control 13c Release 4

Enter Enterprise Manager Root (SYSMAN) Password :

Console Server Host : samik.com.oem01p

HTTP Console Port : 7788

HTTPS Console Port : 7803

HTTP Upload Port : 4889

HTTPS Upload Port : 4903

EM Instance Home : /applications/oracle/oms13R4/gc_inst/em/EMGC_OMS1

OMS Log Directory Location : /applications/oracle/oms13R4/gc_inst/em/EMGC_OMS1/sysman/log

OMS is not configured with SLB or virtual hostname

Agent Upload is locked.

OMS Console is locked.

Active CA ID: 1

Console URL: https://samikoem01p.com:7803/em

Upload URL: https://samikoem01p.com:4903/empbs/upload

WLS Domain Information

Domain Name : GCDomain

Admin Server Host : samik.com.oem01p

Admin Server HTTPS Port: 7102

Admin Server is RUNNING

Oracle Management Server Information

Managed Server Instance Name: EMGC_OMS1

Oracle Management Server Instance Host: samik.com.oem01p

WebTier is Up

Oracle Management Server is Up

JVMD Engine is Up

BI Publisher Server Information

BI Publisher Managed Server Name: BIP

BI Publisher Server is Up

BI Publisher HTTP Managed Server Port : 9701

BI Publisher HTTPS Managed Server Port : 9803

BI Publisher HTTP OHS Port : 9788

BI Publisher HTTPS OHS Port : 9851

BI Publisher is locked.

BI Publisher Server named 'BIP' running at URL: https://samik.com.oem01p:9851/xmlpserver/servlet/home

BI Publisher Server Logs: /applications/oracle/oms13R4/gc_inst/user_projects/domains/GCDomain/servers/BIP/logs/

BI Publisher Log : /applications/oracle/oms13R4/gc_inst/user_projects/domains/GCDomain/servers/BIP/logs/bipublisher/bipublisher.log

4)emctl stop oms

[oracle@samik.com.oem01p bin]$ ./emctl stop oms

Oracle Enterprise Manager Cloud Control 13c Release 4

Stopping Oracle Management Server...

Oracle Management Server Successfully Stopped

Oracle Management Server is Down

JVMD Engine is Down

5)$ export OMSPATCHER_JRE_MEMORY_OPTIONS="-Xmx4096m"

You have mail in /usr/spool/mail/oracle

$ pwd

/tmp/BUG_LOG4J/33672721

$ pwd

/tmp/BUG_LOG4J/33672721

5) Applying the patch

$ /applications/oracle/OEM13.4/middleware/OMSPatcher/omspatcher apply

OMSPatcher Automation Tool

OMSPatcher version : 13.9.4.6.0

OUI version : 13.9.4.0.0

Running from : /applications/oracle/OEM13.4/middleware

Log file location : /applications/oracle/OEM13.4/middleware/cfgtoollogs/omspatcher/opatch2021-12-22_12-49-09PM_1.log

OMSPatcher log file: /applications/oracle/OEM13.4/middleware/cfgtoollogs/omspatcher/33672721/omspatcher_2021-12-22_12-49-27PM_deploy.log

Please enter OMS weblogic admin server URL(t3s://ffm04aixhatest02-mng:7101):>

Please enter OMS weblogic admin server username(weblogic):>

Please enter OMS weblogic admin server password:>

Configuration Validation: Success

Running apply prerequisite checks for sub-patch(es) "33672721" and Oracle Home "/applications/oracle/OEM13.4/middleware"...

Sub-patch(es) "33672721" are successfully analyzed for Oracle Home "/applications/oracle/OEM13.4/middleware"

To continue, OMSPatcher will do the following:

[Patch and deploy artifacts] :

Do you want to proceed? [y|n]

User Responded with: Y

Applying sub-patch(es) "33672721"

Please monitor log file: /applications/oracle/OEM13.4/middleware/cfgtoollogs/opatch/opatch2021-12-22_12-49-27PM_1.log

Complete Summary

================

All log file names referenced below can be accessed from the directory "/applications/oracle/OEM13.4/middleware/cfgtoollogs/omspatcher/2021-12-22_12-49-09PM_SystemPatch_33672721_1"

Patching summary:

-----------------

Binaries of the following sub-patch(es) have been applied successfully:

Featureset Sub-patches Log file

---------- ----------- --------

oracle.sysman.top.oms_13.4.0.0.0 33672721 33672721_opatch2021-12-22_12-49-27PM_1.log

Log file location: /applications/oracle/OEM13.4/middleware/cfgtoollogs/omspatcher/33672721/omspatcher_2021-12-22_12-49-27PM_deploy.log

OMSPatcher succeeded.

6) Start the OMS

$./emctl start oms

Oracle Enterprise Manager Cloud Control 13c Release 4

Starting Oracle Management Server...

WebTier Successfully Started

Oracle Management Server Successfully Started

Oracle Management Server is Up

JVMD Engine is Up

Starting BI Publisher Server ...

BI Publisher Server Already Started

BI Publisher Server is Up

7) You can check the jar files existence before and after applying patch

cd /applications/oracle/OEM13.4/gc_inst