Log4Shell Explained: Deep Dive into CVE-2021-44228

 Log4Shell Vulnerability

Log4Shell Vulnerability , also known as  CVE-2021-44228.This vulnerability exposed how we develop secure software systems.No special skill or code was required.Simple text can invoke this vulnerability.

To understand Log4Shell, lets understand Logs or Logging.

Computer keeps logs of every tasks is performed on them.Engineers rely on logs to debug if any incident occurs.Normally they check Timestamp and message beside Timestamp.


Like, from this log file screenshot we see INFO (Information) and ERROR (Error) and Timestamp


But, what is Log4j  Its logging library for Java applications


    
Here, all login attempts are being recorded in log files.

Without, Log4j developers will use System.out.println().

Now apart from writing log files Log4j can also execute commands given to them.

Attacker found out that they can load and execute malicious code using Log4j.

Log4j often hides in

  1. Apps
  2. JARs
  3. Inside Containers
Tools to find it
  • trivy
  • grype
  • syft
  • SCA tools like Synk
Fixing the vulnerability

Upgrade Log4j to 2.17.1 or later
 
If its not possible to upgrade , 

Disable JINDI lookups.

Delete vulnerable class

zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class 

Fixing Log4j means upgrading libraries ,disabling and dangerous lookups and blocking exploit paths.



Comments

Post a Comment

Popular posts from this blog

Zero Trust Architecture

Introduction Imagine a high-security building where passing the security guard at the front door doesn't give you free reign to wander into every office. Instead, you need to swipe your badge at every single door, elevator, and file cabinet you encounter. This is the essence of Zero Trust Architecture . In the digital world, it means that no user or application is trusted by default, even if they are already inside the network. If you are looking to understand the basics of ZTA without getting lost in jargon, you’ve come to the right place. Let’s explore how this security model works and why it’s the future of cyber-security.  Zero Trust checks for identity every time. Main pillars of Zero Trust :- Identity and Access Management (IAM) Device trust  Network segmentation Application-level access Continuous Monitoring Least Privilege   Traditional security model assumes that anything inside corporate model was trusted.This model fails when attacker gets inside the netw...
Read more