When a JNDI reference is being written to a log, JNDI will fetch all requirements to resolve the variable. To complete this process, it will download and execute any remote classes required. This applies to both server-side and client-side applications since the main requirements for the vulnerability are any attacker-controlled input field and this input being passed to the log. To orchestrate this attack, an attacker can use several different JNDI lookups. The most popular lookup currently being seen in both PoCs and active exploitation is utilizing LDAP however, other lookups such as RMI and DNS are also viable attack vectors. Lots of technical info at this site on how to the exploit works, how to detect the vulnerability and how to patch systems temporarily and permanently. Log4shell - using the vulnerability to patch the vulnerability - very clever - /r/netsec DecemGLOBALPROTECT TELKOM HOW TO This will be a Christmas nightmare for many companies, their IT departments and their clients. Let’s hope IT security professional and U.S government agencies can stop this exploit from crippling this holiday season.
0 kommentar(er)
