Hello Guys,
Here is my understanding of the Log4J vulnerability, which has been a hot topic in recent days.
Let's talk about a few prerequisites.
Log4J
It's an open-source logging framework, and it might not need an introduction since it is quite popular.
LDAP
It's an open protocol for accessing and maintaining distributed directory information services. To know more, please use this.
JNDI
It's an API that provides naming and directory functionality to applications built in Java. Java applications use JNDI to interact with LDAP systems, since Java on its own can't make requests to LDAP.
Log4J vulnerability
It's a critical vulnerability that affects 2.x versions (2.0 to 2.14.1). NIST published a critical CVE in the NVD on Dec 10th 2021 and named it CVE-2021-44228. The Apache Software Foundation gave it a severity rating of 10, which is on the higher side. The vulnerability allows anonymous remote code execution, which lets attackers take advantage of the affected resources. Log4j allows logged messages to contain format strings that reference external information through the Java Naming and Directory Interface (JNDI). This allows information to be remotely retrieved across a variety of protocols, including the Lightweight Directory Access Protocol (LDAP).
Life Cycle of Vulnerability
Explained - https://www.mcafee.com/blogs/enterprise/threat-intelligence-and-protections-update-log4shell-cve-2021-44228/
Preventive Actions
The ERT team has released a fix, and customers are advised to update their Log4j to version 2.17.0 if updating the version is possible.
Using outgoing firewall rules on servers is a good preventive technique against attackers.
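
Acting on the upgrade advice above starts with knowing where Log4j is deployed. The following Python is an added example, not part of the original post: it walks a directory, looks inside nested JAR/WAR/EAR archives, and classifies each `log4j-core` jar against the version ranges stated in this post. The function names and status labels are assumptions made for the example, and versions are read from file names only.

```python
import io
import re
import zipfile
from pathlib import Path

# Ranges as stated in this post: 2.0 to 2.14.1 affected, 2.17.0 advised.
# Backported security releases are not special-cased in this example.
AFFECTED_MAX, ADVISED = (2, 14, 1), (2, 17, 0)
JAR_RE = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?[^/]*\.jar$")
ARCHIVES = (".jar", ".war", ".ear")


def classify(name):
    """Return (version, status) for a log4j-core jar name, else None."""
    m = JAR_RE.search(name)
    if not m:
        return None
    ver = tuple(int(g or 0) for g in m.groups())  # "2.0-beta9" parses as 2.0.0
    status = ("affected-range" if ver <= AFFECTED_MAX
              else "below-advised" if ver < ADVISED else "ok")
    return ".".join(map(str, ver)), status


def scan_archive(data, label, depth=0):
    """Yield (path, version, status) for log4j-core jars nested in an archive."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a readable archive, skip it
    with zf:
        for entry in zf.namelist():
            hit = classify(entry)
            if hit:
                yield (f"{label}!{entry}", *hit)
            elif entry.lower().endswith(ARCHIVES) and depth < 3:  # bound nesting
                yield from scan_archive(zf.read(entry), f"{label}!{entry}", depth + 1)


def scan_tree(root):
    """Report log4j-core jars on disk and inside fat jars/wars under root."""
    findings = []
    for p in Path(root).rglob("*"):
        if p.is_file() and p.suffix.lower() in ARCHIVES:
            hit = classify(p.name)
            findings.extend([(str(p), *hit)] if hit else scan_archive(p.read_bytes(), str(p)))
    return sorted(findings)
```

Call `scan_tree` on an application or deployment directory; each finding is a `(path, version, status)` tuple, with `!` separating an archive from the entry found inside it.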