Knowledgebase

How to Patch Minecraft for the Log4J2 Exploit Print

  • 0

Urgent: Upgrade your Minecraft Servers

Minecraft servers before version 1.18.1 are vulnerable to a Remote Code Execution attack. You must upgrade immediately.

  • If you deploy a new Minecraft server at Rcs, you are protected. Rcs's Minecraft server image has been upgraded to version 1.18.1, which is safeguarded against the exploit.
  • If your server is version 1.18 or earlier, you must upgrade. Please use these instructions.

How to Patch your Minecraft Server

  1. Connect to your server with SSH as root.

  2. Create fix_minecraft.sh in your text editor.

     # nano ~/fix_minecraft.sh
  3. Paste the following script:

     #!/bin/bash
    
     echo "Rcs Minecraft Log4j RCE Patcher - v1.0"
    
     if ! [ -z "$(grep "Dlog4j.configurationFile=log4j2.xml" /home/minecraft/minecraft_server.sh)" ]; then
         echo "Already patched!"
         exit 0
     fi
    
     echo "Grabbing version!"
     VERSION="$(cat minecraft_server_version)"
     VERSION_MAJOR="$(echo ${VERSION} | awk -F'.' '{print $1}')"
     VERSION_MINOR="$(echo ${VERSION} | awk -F'.' '{print $2}')"
     echo "Found Version: ${VERSION}"
    
     if [ "${VERSION_MAJOR}" == "1" ] && [ "${VERSION_MINOR}" -lt "12" ]; then
         echo "Found OLD Version: ${VERSION}, using pre 1.12 xml fix!"
         URL="https://launcher.mojang.com/v1/objects/dd2b723346a8dcd48e7f4d245f6bf09e98db9696/log4j2_17-111.xml"
     fi
    
     URL="https://launcher.mojang.com/v1/objects/02937d122c86ce73319ef9975b58896fc1b491d1/log4j2_112-116.xml"
     if [ "${VERSION}" == "1.18.1" ] || [ "${VERSION_MINOR}" -gt "18" ]; then
         echo "Found NEW Version: ${VERSION}, no patch needed!"
         exit 0
     fi
    
     echo "Downloading: ${URL}"
     curl -Ls "${URL}" > /home/minecraft/log4j2.xml
    
     echo "Patching: /home/minecraft/minecraft_server.sh"
     sed -i -e 's/java -Xmx/java -Dlog4j.configurationFile=log4j2.xml -Xmx/g' /home/minecraft/minecraft_server.sh
  4. Type Ctrl+X, and then Y to save and exit.

  5. Make the script executable.

     # chmod u+x ~/fix_minecraft.sh
  6. Run the script.

     # bash ~/fix_minecraft.sh
  7. As a precaution, please reboot your server.

More Information

There is a new zero-day exploit for the Log4J2 library used by Minecraft. This exploit allows unsophisticated attackers to take over your server remotely. The vulnerability has been reported with CVE-2021-44228 against the log4j-core jar and is fixed in Log4J v2.15.0.

To protect our network, Rcs may shut down vulnerable Minecraft servers. Please upgrade immediately.

Urgent: Upgrade your Minecraft Servers Minecraft servers before version 1.18.1 are vulnerable to a Remote Code Execution attack. You must upgrade immediately. If you deploy a new Minecraft server at Rcs, you are protected. Rcs's Minecraft server image has been upgraded to version 1.18.1, which is safeguarded against the exploit. If your server is version 1.18 or earlier, you must upgrade. Please use these instructions. How to Patch your Minecraft Server Connect to your server with SSH as root. Create fix_minecraft.sh in your text editor. # nano ~/fix_minecraft.sh Paste the following script: #!/bin/bash echo "Rcs Minecraft Log4j RCE Patcher - v1.0" if ! [ -z "$(grep "Dlog4j.configurationFile=log4j2.xml" /home/minecraft/minecraft_server.sh)" ]; then echo "Already patched!" exit 0 fi echo "Grabbing version!" VERSION="$(cat minecraft_server_version)" VERSION_MAJOR="$(echo ${VERSION} | awk -F'.' '{print $1}')" VERSION_MINOR="$(echo ${VERSION} | awk -F'.' '{print $2}')" echo "Found Version: ${VERSION}" if [ "${VERSION_MAJOR}" == "1" ] && [ "${VERSION_MINOR}" -lt "12" ]; then echo "Found OLD Version: ${VERSION}, using pre 1.12 xml fix!" URL="https://launcher.mojang.com/v1/objects/dd2b723346a8dcd48e7f4d245f6bf09e98db9696/log4j2_17-111.xml" fi URL="https://launcher.mojang.com/v1/objects/02937d122c86ce73319ef9975b58896fc1b491d1/log4j2_112-116.xml" if [ "${VERSION}" == "1.18.1" ] || [ "${VERSION_MINOR}" -gt "18" ]; then echo "Found NEW Version: ${VERSION}, no patch needed!" exit 0 fi echo "Downloading: ${URL}" curl -Ls "${URL}" > /home/minecraft/log4j2.xml echo "Patching: /home/minecraft/minecraft_server.sh" sed -i -e 's/java -Xmx/java -Dlog4j.configurationFile=log4j2.xml -Xmx/g' /home/minecraft/minecraft_server.sh Type CTRL+X, and then Y to save and exit. Make the script executable. # chmod u+x ~/fix_minecraft.sh Run the script. # bash ~/fix_minecraft.sh As a precaution, please reboot your server. More Information There is a new zero-day exploit for the Log4J2 library used by Minecraft. This exploit allows unsophisticated attackers to take over your server remotely. The vulnerability has been reported with CVE-2021-44228 against the log4j-core jar and is fixed in Log4J v2.15.0. To protect our network, Rcs may shut down vulnerable Minecraft servers. Please upgrade immediately.

Was this answer helpful?
Back

Powered by WHMCompleteSolution