Patching the Oracle WebLogic deserialization vulnerability (CVE-2018-2893)
Oracle released its July Critical Patch Update (CPU), which includes a high-risk WebLogic deserialization vulnerability (CVE-2018-2893). The flaw sits in the RMI mechanism reached over the JRMP protocol and lets an attacker make the server deserialize arbitrary data. An unauthenticated attacker wraps the payload in the T3 protocol; when the vulnerable WebLogic component deserializes that payload, the attacker gets remote code execution and full control of the target system. Affected versions: Oracle WebLogic Server 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3.
Oracle has published the fixes; see "Critical Patch Update (CPU) Program July 2018 Patch Availability Document (PAD) (Doc ID 2394520.1)".
Our production WebLogic servers are mainly two versions, 10.3.6.0 and 12.1.3.0. The procedure below covers 10.3.6.0, where the patch is installed with the bsu.sh (Smart Update) script; 12.1.3.0 is patched with OPatch instead and is not covered here.
1. Download the patch package 27919965_1036_Generic.zip.
2. Upload 27919965_1036_Generic.zip to {MW_HOME}/utils/bsu/cache_dir, where MW_HOME is the WebLogic base (Middleware Home) directory, the counterpart of an Oracle Base directory.
3.将补丁包27919965_1036_Generic.zip解压
[root@app1 cache_dir]# unzip p2*******_1036_Generic.zip
Archive:  p2*******_1036_Generic.zip
extracting: B47X.jar
inflating: l
inflating:
4. Run the install command (bsu.sh -install -patch_download_dir={MW_HOME}/utils/bsu/cache_dir -patchlist={PATCH_ID} -prod_dir={WL_HOME}), where WL_HOME is the WebLogic home directory under MW_HOME (here /wls11g/wlserver_10.3) and PATCH_ID is the name of the jar extracted in step 3 (B47X).
[root@app1 bsu]# ./bsu.sh -install -patch_download_dir=/wls11g/utils/bsu/cache_dir -patchlist=B47X -prod_dir=/wls11g/wlserver_10.3
Checking
No conflict(s) detected
Installing Patch ID: B47X..
Result: Success
5. Check that the patch is installed. The applied patch must show CR/BUG 27919965 and the description WLS PATCH SET UPDATE 10.3.6.0.180717; Restart: true means the server has to be restarted before the fix is in effect.
[root@app1 bsu]# ./bsu.sh -prod_dir=/wls11g/wlserver_10.3 -status=applied -verbose -view
ProductName:      WebLogic Server
ProductVersion:   10.3 MP6
Components:       WebLogic Server/Core Application Server,WebLogic Server/Administration Console,WebLogic Server/Configuration Wizard and Upgrade Framework,WebLogic Server/Web 2.0 HTTP Pub-Sub Server,WebLogic Server/WebLogic SCA,WebLogic Server/WebLogic JDBC Drivers,WebLogic Server/Third Party JDBC Drivers,WebLogic Server/WebLogic Server Clients,WebLogic Server/WebLogic Web Server Plugins,WebLogic Server/UDDI and Xquery Support,WebLogic Server/Evaluation Database,WebLogic Server/Workshop Code Completion Support
BEAHome:          /wls11g
ProductHome:      /wls11g/wlserver_10.3
PatchSystemDir:   /wls11g/utils/bsu
PatchDir:         /wls11g/patch_wls1036
Profile:          Default
DownloadDir:      /wls11g/utils/bsu/cache_dir
JavaVersion:      1.6.0_29
JavaVendor:       Sun
Patch ID:         B47X
PatchContainer:   B47X.jar
Checksum:         -345780037
Severity:         optional
Category:         General
CR/BUG:           27919965
Restart:          true
Description:      WLS PATCH SET UPDATE 10.3.6.0.180717
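Steps 3 to 5 above, wrapped into a small bash helper so the same procedure can be repeated on every 10.3.6.0 host with a check at each stage. This is an added example, not code from the original post or from Oracle. It assumes the layout in the transcript (MW_HOME=/wls11g, WL_HOME=/wls11g/wlserver_10.3, the zip already in utils/bsu/cache_dir) and that bsu.sh exists on the host; the unzip listing and bsu -view output the parsers are exercised on are constructed from the page's own transcript.

```bash
#!/bin/bash
# Added example (not from the original post): helpers around bsu.sh for
# WebLogic 10.3.6 that (1) take the patch ID out of an unzip listing and
# (2) confirm from "bsu.sh -view -status=applied -verbose" output that the
# July 2018 PSU (CR/BUG 27919965) is installed. Paths are assumptions
# matching the post's transcript; override them via the environment.

MW_HOME="${MW_HOME:-/wls11g}"
WL_HOME="${WL_HOME:-$MW_HOME/wlserver_10.3}"
BSU_DIR="$MW_HOME/utils/bsu"
CACHE_DIR="$BSU_DIR/cache_dir"
PSU_BUG=27919965            # CR/BUG of WLS PATCH SET UPDATE 10.3.6.0.180717

# patch_id_from_listing: read an "unzip" listing on stdin and print the
# patch ID, i.e. the basename of the extracted jar (B47X.jar -> B47X).
patch_id_from_listing() {
  sed -En 's/^[[:space:]]*(extracting|inflating):[[:space:]]*([A-Za-z0-9_]+)\.jar[[:space:]]*$/\2/p' \
    | head -n 1
}

# psu_applied BUG: read "bsu.sh -view -status=applied -verbose" output on
# stdin and succeed only if some applied patch carries CR/BUG BUG.
psu_applied() {
  grep -Eq "^CR/BUG:[[:space:]]+$1[[:space:]]*$"
}

# apply_psu ZIPNAME: steps 3-5 of the post in order, stopping at the first
# failure. Runs in a subshell so the cd does not leak. Needs bsu.sh; the
# test below never calls it.
apply_psu() (
  zip="$1"
  cd "$CACHE_DIR" || exit 1
  id=$(unzip -o "$zip" | patch_id_from_listing)
  [ -n "$id" ] || { echo "no patch jar found in $zip" >&2; exit 1; }
  "$BSU_DIR/bsu.sh" -install -patch_download_dir="$CACHE_DIR" \
      -patchlist="$id" -prod_dir="$WL_HOME" || exit 1
  "$BSU_DIR/bsu.sh" -prod_dir="$WL_HOME" -status=applied -verbose -view \
      | psu_applied "$PSU_BUG" \
      || { echo "patch $id installed but CR/BUG $PSU_BUG not listed" >&2; exit 1; }
  echo "PSU $PSU_BUG applied as patch $id; restart WebLogic to activate it"
)

# Usage on a server (not run here):  apply_psu 27919965_1036_Generic.zip
```

apply_psu only reports success when bsu both installs the patch and lists CR/BUG 27919965 as applied, which is the check step 5 performs by hand; it does not restart the server, since that is a separate change-window decision.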
6. Restart WebLogic. Note that this start ran with -XX:MaxPermSize=1024m and with jdk1.6.0_20 jars on the CLASSPATH that the later, successful starts do not carry, and that bsu records JavaVersion 1.6.0_29 (Sun) while the server is launched with OpenJDK 1.6.0-b09; compare the two transcripts before attributing the failure to the patch alone.
[root@app1 bsu]# service weblogic restart
Stopping weblogic: weblogic is not running.
Starting weblogic:
[root@app1 bsu]# .
JAVA Memory arguments: -Xms4096m -Xmx4096m  -XX:MaxPermSize=1024m
.
WLS Start Mode=Production
.
CLASSPATH=/wls11g/patch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/wls11g/patch_ocp371/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/lib/tools.jar:/wls11g/wlserver_10.3/server/lib/weblogic_sp.jar:/wls11g/wlserver_10.3/server/lib/weblogic.jar:/wls11g/modules/features/webl dules_10.3.6.0.jar:/wls11g/wlserver_10.3/server/lib/webservices.jar:/wls11g/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/wls11g/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar:/wls11g/wlserver_10.3/common/derby/lib/derbyclient.jar:/wls11g/wlserver_10.3/server/lib/xqrl.jar:.:/weblogic11_64/jdk1.6.0_20/lib/dt.jar:/weblogic11_64/jdk1.6.0_20/lib/tools.jar
.
PATH=/wls11g/wlserver_10.3/server/bin:/wls11g/modules/org.apache.ant_1.7.1/bin:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/bin:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/bin:/weblogic11_64/jdk1.6.0_20/bin:/usr/lib64/qt-3.3/bin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
.
***************************************************
*  To start WebLogic Server, use a username and  *
*  password assigned to an admin-level user.  For *
*  server administration, use the WebLogic Server *
*  console at hostname:port/console        *
***************************************************
starting weblogic with Java version:
java version "1.6.0"
OpenJDK  Runtime Environment (build 1.6.0-b09)
OpenJDK 64-Bit Server VM (build 1.6.0-b09, mixed mode)
Starting WLS with line:
/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/bin/java -server -Xms4096m -Xmx4096m -XX:MaxPermSize=1024m -Dweblogic.Name=AdminServer -Djava.security.policy=/wls11g/wlserver_10.3/server/lib/weblogic.policy -Dweblogic.ProductionModeEnabled=true -da -Dplatform.home=/wls11g/wlserver_10.3 -Dwls.home=/wls11g/wlserver_10.3/server -Dweblogic.home=/wls11g/wlserver_10.3/server -Dweblogic.management.discover=true -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole=false -Dplatform.home=/wls11g/wlserver_10.3 -Dwls.home=/wls11g/wlserver_10.3/server -Dweblogic.home=/wls11g/wlserver_10.3/server -Dweblogic.management.discover=true -verbose:gc -XX:+PrintGCTimeStamps -XX:+HeapDumpOnOutOfMemoryError -XX:+PrintGCDetails -XX:+PrintGC -Xloggc:gc.log -Dwlw.iterativeDev=false -
weblogic.Server
<Jul 19, 2018 4:20:09 PM CST> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>
<Jul 19, 2018 4:20:09 PM CST> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>
After the restart command, WebLogic terminated on its own and produced no log or error message at all, so I chose to remove the patch.
7. Remove the patch
[root@app1 bsu]# ./bsu.sh -remove -patchlist=B47X -prod_dir=/wls11g/wlserver_10.3
Checking
No conflict(s) detected
Removing Patch ID: B47X..
Result: Success
8. Restart WebLogic; it starts normally again. (The BEA-149617 warning below only records that wls-wsat.war is absent from server/lib on this install; it is non-critical.)
[root@app1 bsu]# service weblogic restart
Stopping weblogic: weblogic is not running.
Starting weblogic:
[root@app1 bsu]# .
.
JAVA Memory arguments: -Xms4096m -Xmx4096m  -XX:MaxPermSize=256m
.
WLS Start Mode=Production
.
CLASSPATH=/wls11g/patch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/wls11g/patch_ocp371/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/lib/tools.jar:/wls11g/wlserver_10.3/server/lib/weblogic_sp.jar:/wls11g/wlserver_10.3/server/lib/weblogic.jar:/wls11g/modules/features/webl dules_10.3.6.0.jar:/wls11g/wlserver_10.3/server/lib/webservices.jar:/wls11g/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/wls11g/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar:/wls11g/wlserver_10.3/common/derby/lib/derbyclient.jar:/wls11g/wlserver_10.3/server/lib/xqrl.jar
.
PATH=/wls11g/wlserver_10.3/server/bin:/wls11g/modules/org.apache.ant_1.7.1/bin:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/bin:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/bin:/sbin:/usr/sbin:/bin:/usr/bin
.
***************************************************
*  To start WebLogic Server, use a username and  *
*  password assigned to an admin-level user.  For *
*  server administration, use the WebLogic Server *
*  console at hostname:port/console        *
***************************************************
starting weblogic with Java version:
java version "1.6.0"
OpenJDK  Runtime Environment (build 1.6.0-b09)
OpenJDK 64-Bit Server VM (build 1.6.0-b09, mixed mode)
Starting WLS with line:
/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/bin/java -server -Xms4096m -Xmx4096m -XX:MaxPermSize=256m -Dweblogic.Name=AdminServer -Djava.security.policy=/wls11g/wlserver_10.3/server/lib/weblogic.policy -Dweblogic.ProductionModeEnabled=true -da -Dplatform.home=/wls11g/wlserver_10.3 -Dwls.home=/wls11g/wlserver_10.3/server -Dweblogic.home=/wls11g/wlserver_10.3/server -Dweblogic.management.discover=true -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole=false -Dplatform.home=/wls11g/wlserver_10.3 -Dwls.home=/wls11g/wlserver_10.3/server -Dweblogic.home=/wls11g/wlserver_10.3/server -Dweblogic.management.discover=true -verbose:gc -XX:+PrintGCTimeStamps -XX:+HeapDumpOnOutOfMemoryError -XX:+PrintGCDetails -XX:+PrintGC -Xloggc:gc.log -Dwlw.iterativeDev=false -
weblogic.Server
<Jul 19, 2018 5:38:59 PM CST> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>
<Jul 19, 2018 5:38:59 PM CST> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>
<Jul 19, 2018 5:38:59 PM CST> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with OpenJDK 64-Bit Server VM Version 1.6.0-b09 from Sun Microsystems Inc.>
<Jul 19, 2018 5:39:00 PM CST> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.6.0  Tue Nov 15 08:52:36 PST 2011 1441050 >
<Jul 19, 2018 5:39:02 PM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<Jul 19, 2018 5:39:02 PM CST> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
<Jul 19, 2018 5:39:03 PM CST> <Notice> <Log Management> <BEA-170019> <The server log file /wls11g/user_projects/domains/base_domain/servers/AdminServer/logs/AdminServer.log is opened. All server side log events will be written to this file.>
<Jul 19, 2018 5:39:05 PM CST> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
<Jul 19, 2018 5:39:08 PM CST> <Warning> <Deployer> <BEA-149617> <Non-critical internal application wls-wsat was not deployed. Error: [Deployer:149158]No application files exist at '/wls11g/wlserver_10.3/server/lib/wls-wsat.war'.>
<Jul 19, 2018 5:39:09 PM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STANDBY>
<Jul 19, 2018 5:39:09 PM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
9. Since WebLogic could not start normally after the patch was installed, I chose to disable the T3 protocol instead.
Log in to the Administration Console, open the configuration page of base_domain, select the "Security" tab and then the "Filter" sub-tab. Set Connection Filter to weblogic.security.net.ConnectionFilterImpl (without a filter class the rules are ignored) and enter the following in Connection Filter Rules. Each rule has the form "targetAddress localAddress localPort action protocols" and the first matching rule wins, so the loopback allow must precede the catch-all deny: administration from the server itself over t3://localhost keeps working while every remote T3/T3S client is dropped. This is a network-level mitigation only; the vulnerable code is still on the server, so the PSU should still be applied once the startup problem is resolved.
127.0.0.1 * * allow t3 t3s
0.0.0.0/0 * * deny t3 t3s
10. Then restart WebLogic so the filter takes effect.
[root@app1 bsu]# service weblogic restart
Stopping weblogic: weblogic is not running.
Starting weblogic:
[root@app1 bsu]# .
.
JAVA Memory arguments: -Xms4096m -Xmx4096m  -XX:MaxPermSize=256m
.
WLS Start Mode=Production
.
CLASSPATH=/wls11g/patch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/wls11g/patch_ocp371/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/lib/tools.jar:/wls11g/wlserver_10.3/server/lib/weblogic_sp.jar:/wls11g/wlserver_10.3/server/lib/weblogic.jar:/wls11g/modules/features/webl dules_10.3.6.0.jar:/wls11g/wlserver_10.3/server/lib/webservices.jar:/wls11g/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/wls11g/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar:/wls11g/wlserver_10.3/common/derby/lib/derbyclient.jar:/wls11g/wlserver_10.3/server/lib/xqrl.jar
.
PATH=/wls11g/wlserver_10.3/server/bin:/wls11g/modules/org.apache.ant_1.7.1/bin:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/bin:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/bin:/sbin:/usr/sbin:/bin:/usr/bin
.
***************************************************
*  To start WebLogic Server, use a username and  *
*  password assigned to an admin-level user.  For *
*  server administration, use the WebLogic Server *
*  console at hostname:port/console        *
***************************************************
starting weblogic with Java version:
java version "1.6.0"
OpenJDK  Runtime Environment (build 1.6.0-b09)
OpenJDK 64-Bit Server VM (build 1.6.0-b09, mixed mode)
Starting WLS with line:
/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/bin/java -server -Xms4096m -Xmx4096m -XX:MaxPermSize=256m -Dweblogic.Name=AdminServer -Djava.security.policy=/wls11g/wlserver_10.3/server/lib/weblogic.policy -Dweblogic.ProductionModeEnabled=true -da -Dplatform.home=/wls11g/wlserver_10.3 -Dwls.home=/wls11g/wlserver_10.3/server -Dweblogic.home=/wls11g/wlserver_10.3/server -Dweblogic.management.discover=true -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole=false -Dplatform.home=/wls11g/wlserver_10.3 -Dwls.home=/wls11g/wlserver_10.3/server -Dweblogic.home=/wls11g/wlserver_10.3/server -Dweblogic.management.discover=true -verbose:gc -XX:+PrintGCTimeStamps -XX:+HeapDumpOnOutOfMemoryError -XX:+PrintGCDetails -XX:+PrintGC -Xloggc:gc.log -Dwlw.iterativeDev=false -
weblogic.Server
<Jul 19, 2018 5:38:59 PM CST> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>
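A way to confirm from another machine that the connection filter in step 9 is really dropping remote T3 after the restart, as an added example that is not part of the original post. It sends only the plain-text greeting a T3 client opens with (the same probe nmap's weblogic-t3-info script uses) and reads the server's HELO banner; it carries no payload. The host name, port 7001 and the sample replies the parser is tested against are assumptions; the probe itself needs bash's /dev/tcp.

```bash
#!/bin/bash
# Added example (not from the original post): probe a WebLogic listen port
# with the T3 greeting and report whether T3 is reachable from this host.
# Before the filter a 10.3.6.0 server answers "HELO:10.3.6.0.false";
# after "0.0.0.0/0 * * deny t3 t3s" a remote client gets the connection
# closed with no banner. Host/port below are assumptions.

# t3_reply HOST [PORT] [TIMEOUT]: connect via bash's /dev/tcp, send the
# greeting, and print the header lines that come back before the blank
# line. Prints nothing when the connection is refused, closed or silent.
t3_reply() {
  local host="$1" port="${2:-7001}" timeout="${3:-5}"
  (
    exec 3<>"/dev/tcp/$host/$port" || exit 2
    printf 't3 12.2.1\nAS:255\nHL:19\n\n' >&3
    while IFS= read -r -t "$timeout" line <&3 && [ -n "$line" ]; do
      printf '%s\n' "$line"
    done
    exec 3>&-
  ) 2>/dev/null
}

# t3_classify: read a reply on stdin and print "open <version>" when it
# carries a "HELO:<version>.<true|false>" banner, otherwise "closed"
# (empty reply, filter deny, or some non-T3 service on the port).
t3_classify() {
  local ver
  ver=$(sed -En 's/^HELO:([0-9]+(\.[0-9]+)+)\.(true|false).*$/\1/p' | head -n 1)
  if [ -n "$ver" ]; then printf 'open %s\n' "$ver"; else printf 'closed\n'; fi
}

# t3_check HOST [PORT]: one-line verdict; exit status 0 only when T3 is
# blocked, so it can gate a deployment pipeline or a fleet-wide loop.
t3_check() {
  local port="${2:-7001}" verdict
  verdict=$(t3_reply "$1" "$port" | t3_classify)
  printf '%s:%s %s\n' "$1" "$port" "$verdict"
  [ "$verdict" = "closed" ]
}

# Usage (needs network, not run here):
#   t3_check app1.example.internal 7001     # expected: "... closed" after step 9
#   t3_check 127.0.0.1 7001                 # on the server itself: "open 10.3.6.0"
```

Run it from a host other than the WebLogic server: the loopback allow rule means a probe on the server itself still sees the banner, which is expected and is what keeps local WLST and console tooling working.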
