
Differences

This shows the differences between two versions of the page.

racfor_wiki:malware:analiza_cve-2021-45046_-_log4j_remote_code_execution [2022/01/07 17:21]
mhalupa
racfor_wiki:malware:analiza_cve-2021-45046_-_log4j_remote_code_execution [2023/06/19 18:17] (current)
Line 1: Line 1:
-====== Sažetak ======+====== Abstract ======
  
 +Recently, a new vulnerability in a very popular Java logging library has been discovered and has taken the tech world by storm. It has been named Log4Shell by the community and has prompted an immediate response from it's developer, Apache. However, not everything went according to plan as multiple other exploits got discovered by the community not soon after the patches were released. The impact was very severe, as legions of hackers jumped at the opportunity to retrieve sensitive information from a large variety of software companies and providers.
 +
 +Keywords: Log4J, Log4Shell, vulnerability, exploit, Java
 ====== Introduction ====== ====== Introduction ======
  
-Log4j is a Java based logging tool developed by Apache and it is one of the most, if not the most popular logging tool available right now. Despite the careful testing and implementation of most available tools of wide varieties, security vulnerabilities rise up. These vulnerabilities are then logged via CVEs (Common Vulnerabilities and Exploits). Log4j is no such stranger to such vulnerabilities, having 8 vulnerabilities discovered from 2017 to 2021. However, on December 9, 2021, a 0-day exploit was discovered which allowed users to execute arbitrary code by exploiting the vulnerability. The vulnerability was described by some as the “the single biggest, most critical vulnerability of the last decade” and recieved a 10 out of 10 on the CVE severity scale labeling it as “critical”. It also recieved a name “Log4Shell”.+Log4j is a Java based logging tool developed by Apache and it is one of the most, if not the most popular logging tool available right now. Despite the careful testing and implementation of most available tools of wide varieties, security vulnerabilities rise up. These vulnerabilities are then logged via CVEs (Common Vulnerabilities and Exploits). Log4j is no such stranger to such vulnerabilities, having 8 vulnerabilities discovered from 2017 to 2021. However, on December 9, 2021, a 0-day exploit was discovered which allowed users to execute arbitrary code by exploiting the vulnerability. The vulnerability was described by some as “the single biggest, most critical vulnerability of the last decade” and recieved a 10 out of 10 on the CVE severity scale labeling it as “critical”. It also recieved a name “Log4Shell”.
 ====== The exploit ====== ====== The exploit ======
  
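Review bot: the added abstract and the introduction line expand CVE as "Common Vulnerabilities and Exploits"; the E stands for Exposures, so write "Common Vulnerabilities and Exposures". In the same introduction line, the "10 out of 10" rating is a CVSS base score rather than a score on a "CVE severity scale", and the paragraph never names the CVE identifier of the December 9 0-day it describes or how that identifier relates to the CVE-2021-45046 in the page title; one sentence stating both would close that gap. Spelling in the abstract and introduction: "it's developer" should be "its developer", "recieved" (twice) should be "received", and "allowed users to execute arbitrary code" reads more accurately as "allowed attackers to execute arbitrary code".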
Line 28: Line 31:
 [[https://www.youtube.com/watch?v=bxDEJDqANig|Praetorian also released a proof of concept(POC) demonstrating the exploit.]] [[https://www.youtube.com/watch?v=bxDEJDqANig|Praetorian also released a proof of concept(POC) demonstrating the exploit.]]
  
 +However, a fourth exploit arose soon after allowing for remote code execution on the system where a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server.
  
 ====== Impact ====== ====== Impact ======
-====== Zaključak ======+Any software which used Log4j was impacted and many of the world famous companies were members of that list. 
 +Well known companies and services affected included Amazon, Attlasian, Minecraft, Jetbrains, Oracle and Microsoft Azure to name a few.
  
 +More than 35,000 packages from Maven Central had been affected by the vulnerability which amounts to 8% of all the packages published on the remote repository. For reference, the average impact of advisories affecting Maven Central usually affects around 2% of packages with a median of around 0,1%.
 +Fixing the vulnerability proved to be hard, as 80% of the packages using Log4j used it indirectly, meaning
 +that through dependency injection, the vulnerability was more than one level deep, with majority of the packages being affected 5 or more levels deep.
 +
 +The depth is visualized on the following diagram:
 +
 +{{:racfor_wiki:malware:visualization_13_.png?400|}}
 +
 +The exploit also prompted the FTC (Federal Trade Comission, a United States government agency) to put out a press release threatening the companies who fail to take necessary steps to mitigate the exploit with legal reprocussions.
 +
 +Many hackers have been trying to abuse the exploit. These range from ransomware gangs locking down Minecraft servers to hacker groups trying to mine bitcoin and hackers associated with China and North Korea trying to gain access to sensitive information from their geopolitical rivals. The Belgian ministry of defense reported that its computers were being attacked using Log4Shell. 
 +
 +====== Conclusion ======
 +
 +Log4Shell has been one of the most impactful exploits ever to have been discovered. The sheer scope of software and services using the library makes it difficult to see an end in sight. Due to the aforementioned indirect dependency problem, a significant percentage of software providers possibly does not even know their software has suddenly become vulnerable. Also, there is a significant percentage of useful software that has been abandoned and stopped being maintained. However, due to the nature of such software usually being open source, there is a group of people who have taken it upon themselves to fix such software.
 ====== Literature ====== ====== Literature ======
  
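Review bot: the new "fourth exploit" paragraph (JDBC Appender with a JNDI LDAP data source URI and an attacker-controlled LDAP server) gives no CVE identifier, while the literature list below cites CVE-2021-44832; the paragraph should name the identifier it is describing and point at that entry. In the Impact section, "through dependency injection" misuses a term that names a design pattern; what the 80% figure describes is indirect (transitive) dependencies, so "as an indirect dependency" or "through transitive dependencies" is the accurate wording. Minor points in the same hunk: "0,1%" uses a decimal comma where "8%" and "2%" in the same paragraph use English formatting, so "0.1%"; "with majority of the packages" needs "the majority"; spelling "Attlasian" should be "Atlassian", "Comission" should be "Commission", and "reprocussions" should be "repercussions".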
Line 39: Line 59:
  
 https://en.wikipedia.org/wiki/Log4j https://en.wikipedia.org/wiki/Log4j
 +
 +https://docs.oracle.com/javase/tutorial/jndi/overview/index.html
 +
 +https://arstechnica.com/information-technology/2021/12/patch-fixing-critical-log4j-0-day-has-its-own-vulnerability-thats-under-exploit/
 +
 +https://security.googleblog.com/2021/12/understanding-impact-of-apache-log4j.html
 +
 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832
 +
 +https://nordpass.com/blog/log4j-zero-day-vulnerability/
 +
 +https://theconversation.com/what-is-log4j-a-cybersecurity-expert-explains-the-latest-internet-vulnerability-how-bad-it-is-and-whats-at-stake-173896
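Review bot: the added literature entries are bare URLs with no title, author or access date, and the body text never cites any of them, so a reader cannot tell which claim (the 35,000 / 8% Maven Central figures, the FTC press release, the CVE-2021-44832 entry) rests on which source; give each entry a title and date in one consistent format and cite it from the paragraph that relies on it.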
racfor_wiki/malware/analiza_cve-2021-45046_-_log4j_remote_code_execution.1641572493.txt.gz · Last modified: 2023/06/19 18:14 (external edit)
CC Attribution-Share Alike 4.0 International