3
I have an up to date Debian 7 server, also running Plesk 11. Yesterday exactly at the same time (2015-09-21 11:38:13 EET) the exec flag has been disappeared from all the java
executables on the server. (I have several variants: one system-wide, several others packaged with Atlassian applications)
It seems to me either a goodwill crack or some update running and chmoding for some reason.
Did anyone had a similar issue? Are you aware of any update or malware dropping the exec flag from all the Java executables?
Java versions:
/usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java
java version "1.7.0_79"
OpenJDK Runtime Environment (IcedTea 2.5.6) (7u79-2.5.6-1~deb7u1)
OpenJDK 64-Bit Server VM (build 24.79-b02, mixed mode)
/opt/atlassian/jira/jre/bin/java
java version "1.8.0_40" Java(TM) SE Runtime Environment (build 1.8.0_40-b25) Java HotSpot(TM) 64-Bit Server VM (build 25.40-b25, mixed mode)
/opt/atlassian/confluence/jre/bin/java
java version "1.8.0_45"
Java(TM) SE Runtime Environment (build 1.8.0_45-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.45-b02, mixed mode)
1No idea what caused this, but this is also part of the reason one should only have one install of Java on their system and then just have all applications use that version of Java. – JakeGould – 2015-09-22T06:47:26.590
1Absolutely, now I'm looking for vulnerabilities of 3 java versions instead of just one. – Attila Fulop – 2015-09-22T06:49:32.247
1FWIW, Java 8 is already up to Java 8 Update 60 (1.8.0_60) while yours are at 40 (1.8.0_40) and 45 (1.8.0_45). And the OpenJDK version you are on is 7 Update 79 (JDK 7u79) and the latest version is 7 Update 80 (JDK 7u80). – JakeGould – 2015-09-22T06:54:56.097
Yep, the Debian one (1.7) is at least not vulnerable, but the other two of 1.8 are. Just replacing them all to a single one. Would you recommend using the http://ppa.launchpad.net/webupd8team/java/ubuntu repository? (production server)
– Attila Fulop – 2015-09-22T07:04:24.1101I was actually going to suggest that exact repository. Best place and way to get a nice repo-based Java build on a Debian setup. Be sure to add
JAVA_HOME=/usr/lib/jvm/java-8-oracle/jre
tosudo nano /etc/environment
after install so all apps can have access to thatJAVA_HOME
value. Good luck! – JakeGould – 2015-09-22T07:12:05.3101Thanks a lot, I did it; now that single java is being used only. I'll share if it turns out what has caused the loss of the exec flag. – Attila Fulop – 2015-09-22T07:40:13.823
Today it has disappeared again.. cannot be an accident – Attila Fulop – 2015-09-23T11:37:14.040
It could be that your system is infected in some way. I would recommend looking in the
/tmp/
directory on the system and see if anything oddball is in there. Is this system exposed to the world on the Internet or being used on a local area network. – JakeGould – 2015-09-23T17:12:43.4231Instead of "infection" it could also be something intentional like the automatic java update. or a script that tries to "harden" the installation (by removing exec flags) – user23573 – 2015-12-21T17:23:29.603