
Log4Shell update: Attack surface, attacks in the wild, mitigation and remediation
2021-12-13 11:53

"The JNDI lookup feature of log4j allows variables to be retrieved via JNDI - Java Naming and Directory Interface. This is an API that provides naming and directory functionality to Java applications. While there are many possibilities, the log4j one supports LDAP and RMI. In other words, when a new log entry is being created, and log4j encounters a JNDI reference, it will actually literally go to the supplied resource and fetch whatever it needs to fetch in order to resolve the required variable. And in this process, it might even download remote classes and execute them!"

Don't underestimate the attack surface of the remote code injection vulnerability in Log4j.

Log4Shell exploitation attempts observed in the wild have largely been spray-and-pray.

Cybereason researchers have also developed and released a "Vaccine" for the vulnerability that can help with temporary mitigation.

Given a vulnerable piece of software, the vaccine exploits the Log4j vulnerability itself, but only to install a piece of code that prevents the flaw from being exploited again.

Sonatype has additional advice for mitigation for developers, users, and operators of software using Log4j.

News URL

https://www.helpnetsecurity.com/2021/12/13/log4shell-update-cve-2021-44228/