Open in app

Sign in

Write

Sign in

Log4J Vulnerability explained

Akilnath Bodipudi
2 min readDec 23, 2021

--

For the last couple of weeks, it is been over my head to write about the recent Log4j vulnerability exploit.

On December 9, 2021, an Remote Code Execution vulnerability was disclosed within the log4j package (CVE- 2021–44228) by Chen Zhaojun of the Alibaba Cloud Security Team which allows an attacker to execute arbitrary code on machines that utilize the log functions of the log4j package which gave the vulnerability its common name: Log4Shell.

How does the exploit happen??

CVE-2021–44228 vulnerability in Apache Log4j 2. An unauthenticated, remote attacker could exploit this flaw by sending a specially crafted request to a server running a vulnerable version of log4j. The crafted request uses a Java Naming and Directory Interface (JNDI) injection via a variety of services including:

  • Lightweight Directory Access Protocol (LDAP)
  • Secure LDAP (LDAPS)
  • Remote Method Invocation (RMI)
  • Domain Name Service (DNS)

If the vulnerable server uses log4j to log requests, the exploit will then request a malicious payload over JNDI through one of the services above from an attacker-controlled server. Successful exploitation could lead to RCE.

Log4J FlowChart

Mitigation and Patching

  1. Implement a firewall with scrutinized port allowance and logging.
  2. Block the traffic at the network layer.
  3. Limiting the suspected device’s communication for internal and external communication over the internet.
  4. Isolate and quarantine the device for security purposes.
  5. Updating the device to Log4j version of 2.15 or above
  6. setting the environment parameter values to Log4j2.formatMsgNoLookups=true and LOG4J_FORMt_msg_no_lookups=true, so that disables the LookUps.

Impact Level

the Log4j 2 library is known to communicate with other sources and internal directory services, attackers can easily feed Log4j 2 with malicious executable code from the outside and make it download and execute dangerous code from malicious sources.

The bad guy can execute any code on the attacked system, for example, to access sensitive configuration data. Attackers could gain full control of a system and compromise its data and applications.

Reference

Source: https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance

Log4j
Log4j Vulnerability
Remote Code Execution
Security
Cyberattack

--

--

Akilnath Bodipudi
Akilnath Bodipudi

Written by Akilnath Bodipudi

16 Followers
11 Following

CyberPunk who always wanted to explore a new horizons over cyber space. Doing pen testing into my own network systems for detecting the vunerabilities .

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams