21년 11월 24일 발견된 인터넷 역사상 최악의 보안결함이라는 Log4j 취약점이 이슈가 되었습니다.
처음엔 몇몇 사이트들에 대해서만 이야기가 나왔지만 12월 9일 본격적으로 알려지기 시작되었습니다.
문제가 되는 사이트는 AWS(Amazon Web Service)나 MS의 Azure, Boradcom, Cisco, Citrix, Cloudflare, Dell, Huawei, Microsoft, Minecraft, Netflix, Oracle, Palo-Alto, Redhat, IBM, TrendMicro, VMware 등등 유명한 사이트들도 많이 있습니다.
Log4j란?
아파치 소프트웨어 재단의 자바 언어로 제작된 애드온 프로그램으로, java코딩 중 프로그램의 로그를 기록해주는 역할을 하고 있습니다. 여러 프로그램과 연동하면 프로그램 실행 시 자동으로 지정한 경로에 로그(접속 기록, 실행여부, 오류 등을 기록한 문서)를 저장해주는 역할을 합니다.
문제점
기업 홈페이지 등 인터넷 서비스를 운영 및 관리 목적으로 로그기록을 남기는데 사용하는 이 프로그램에 심각한 구멍이 있었습니다. 해커가 log4j를 통해 원격으로 특정 문자를 전송하면 원격으로 명령을 내릴 수 있는 권한을 획득하게되고, 이를 통해 악성코드를 실행할 수 있습니다.
조치방법?
log4j의 버전데이트 : 2.0 beta9 ~ 2.14.1 버전은 즉시 2.15.0으로 업데이트 적용
● 2.0 beta9 ~ 2.10.0 : JndiLookup 클래스를 경로에서 제거 :
zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
● 2.10~2.14.1 : log4j2.formatMsgNoLookups 또는 LOG4J_FORMAT_MSG_NO_LOOKUPS 환경변수를 true로 설정
● Apache Log4j 2.15.0 (아파치 Log4j 2 다운로드 페이지)
https://logging.apache.org/log4j/2.x/download.html
Log4j – Download Apache Log4j 2
<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apa
logging.apache.org
github에 올라온, 위에 언급하지 않은 취약사이트 정보도 참고하시기 바랍니다.
https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-12 0023 UTC
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-12 0023 UTC - 20211210-TLP-WHITE_LOG4J.md
gist.github.com
A
Akamai : https://www.akamai.com/blog/news/CVE-2021-44228-Zero-Day-Vulnerability
Apache Druid : https://github.com/apache/druid/pull/12051
Apache Flink : https://flink.apache.org/2021/12/10/log4j-cve.html
Apache LOG4J : https://logging.apache.org/log4j/2.x/security.html
Apache Kafka : https://lists.apache.org/thread/lgbtvvmy68p0059yoyn9qxzosdmx4jdv
Apache Solr : https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228
Apero CAS : https://apereo.github.io/2021/12/11/log4j-vuln/
Aptible : https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4
Atlassian : https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html
Automox : https://blog.automox.com/log4j-critical-vulnerability-scores-a-10
AWS : https://aws.amazon.com/security/security-bulletins/AWS-2021-005/
AZURE Datalake store java : https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310
B
BACKBLAZE : https://twitter.com/backblaze/status/1469477224277368838
BitDefender : https://businessinsights.bitdefender.com/security-advisory-bitdefender-response-to-critical-0-day-apache-log4j2-vulnerability
BitNami By VMware : https://docs.bitnami.com/general/security/security-2021-12-10/
BMC Software : https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability
C
CarbonBlack : https://community.carbonblack.com/t5/Threat-Research-Docs/Log4Shell-Log4j-Remote-Code-Execution-CVE-2021-44228/ta-p/109134
Cerberus FTP : https://support.cerberusftp.com/hc/en-us/articles/4412448183571-Cerberus-is-not-affected-by-CVE-2021-44228-log4j-0-day-vulnerability
Cisco: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
Citrix : https://support.citrix.com/article/CTX335705
CloudFlare : https://blog.cloudflare.com/cve-2021-44228-log4j-rce-0-day-mitigation/
CPanel : https://forums.cpanel.net/threads/log4j-cve-2021-44228-does-it-affect-cpanel.696249/
ConcreteCMS.com : https://www.concretecms.com/about/blog/security/concrete-log4j-zero-day-exploit
Connect2id : https://connect2id.com/blog/connect2id-server-12-5-1
ConnectWise : https://www.connectwise.com/company/trust/advisories
ContrastSecurity : https://support.contrastsecurity.com/hc/en-us/articles/4412612486548
Coralogix : https://twitter.com/Coralogix/status/1469713430659559425
CouchBase : https://forums.couchbase.com/t/ann-elasticsearch-connector-4-3-3-4-2-13-fixes-log4j-vulnerability/32402
Cybereason : https://www.cybereason.com/blog/cybereason-solutions-are-not-impacted-by-apache-log4j-vulnerability-cve-2021-44228
D
Datto : https://www.datto.com/blog/dattos-response-to-log4shell
Debian : https://security-tracker.debian.org/tracker/CVE-2021-44228
Docker : https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/
DropWizard : https://twitter.com/dropwizardio/status/1469285337524580359
E
Eclipse Foundation : https://git.eclipse.org/r/c/tracecompass/org.eclipse.tracecompass/+/188751
EVLLABS JGAAP : https://github.com/evllabs/JGAAP/releases/tag/v8.0.2
F
F5 Networks : https://support.f5.com/csp/article/K19026212
F-Secure https://status.f-secure.com/incidents/sk8vmr0h34pd
Fastly : https://www.fastly.com/blog/digging-deeper-into-log4shell-0day-rce-exploit-found-in-log4j
FusionAuth : https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/
G
Genesys : https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability
GitHub : https://github.com/advisories/GHSA-jfh8-c2jp-5v3q
GoAnywhere : https://www.goanywhere.com/cve-2021-44228-goanywhere-mitigation-steps
Google Cloud Armor WAF : https://cloud.google.com/blog/products/identity-security/cloud-armor-waf-rule-to-help-address-apache-log4j-vulnerability
GrayLog : https://www.graylog.org/post/graylog-update-for-log4j
GuardedBox : https://twitter.com/GuardedBox/status/1469739834117799939
H
HackerOne : https://twitter.com/jobertabma/status/1469490881854013444
Huawei : https://www.huawei.com/en/psirt/security-notices/huawei-sn-20211210-01-log4j2-en
HostiFi : https://twitter.com/hostifi_net/status/1469511114824339464
I
Imperva : https://www.imperva.com/blog/how-were-protecting-customers-staying-ahead-of-cve-2021-44228/
Inductive Automation : https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day
Informatica : https://network.informatica.com/community/informatica-network/blog/2021/12/10/log4j-vulnerability-update
J
JAMF NATION : https://community.jamf.com/t5/jamf-pro/third-party-security-issue/td-p/253740
JazzSM DASH IBM : https://www.ibm.com/support/pages/node/6525552
Jenkins : https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/
JetBrains Teamcity : https://youtrack.jetbrains.com/issue/TW-74298
JFROG : https://twitter.com/jfrog/status/1469385793823199240
K
Kafka Connect CosmosDB : https://github.com/microsoft/kafka-connect-cosmosdb/blob/0f5d0c9dbf2812400bb480d1ff0672dfa6bb56f0/CHANGELOG.md
Kaseya : https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment
Keycloak : https://github.com/keycloak/keycloak/discussions/9078
L
Leanix : https://www.leanix.net/en/blog/log4j-vulnerability-log4shell
LucentSKY : https://twitter.com/LucentSky/status/1469358706311974914
Lightbend : https://discuss.lightbend.com/t/regarding-the-log4j2-vulnerability-cve-2021-44228/9275
M
Macchina io : https://twitter.com/macchina_io/status/1469611606569099269
McAfee : https://kc.mcafee.com/corporate/index?page=content&id=KB95091
Metabase : https://github.com/metabase/metabase/commit/8bfce98beb25e48830ac2bfd57432301c5e3ab37
Microsoft : https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
Minecraft : https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition
N
N-able : https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability
NetApp : https://security.netapp.com/advisory/ntap-20211210-0007/
Netflix : https://github.com/search?q=org%3ANetflix+CVE-2021-44228&type=commits
NextGen Healthcare Mirth : https://github.com/nextgenhealthcare/connect/discussions/4892#discussioncomment-1789526
Newrelic : https://github.com/newrelic/newrelic-java-agent/issues/605
O
Okta : https://sec.okta.com/articles/2021/12/log4shell
OpenHab : https://github.com/openhab/openhab-distro/pull/1343
OpenMRS TALK : https://talk.openmrs.org/t/urgent-security-advisory-2021-12-11-re-apache-log4j-2/35341
OpenSearch : https://discuss.opendistrocommunity.dev/t/log4j-patch-for-cve-2021-44228/7950
Oracle : https://www.oracle.com/security-alerts/alert-cve-2021-44228.html
OxygenXML : https://www.oxygenxml.com/security/advisory/CVE-2019-17571.html
P
Palo-Alto Networks : https://security.paloaltonetworks.com/CVE-2021-44228
PaperCut : https://www.papercut.com/support/known-issues/#PO-684
Pega : https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability
Positive Technologies : https://twitter.com/ptsecurity/status/1469398376978522116
Progress / IpSwitch : https://www.progress.com/security
Pulse Secure : https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR
Puppet : https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/
Pure Storage : https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_(%22log4j%22)
Q
Quest KACE : https://support.quest.com/kace-systems-management-appliance/kb/335869/is-the-kace-sma-affected-by-cve-2021-44228
R
Red5Pro : https://www.red5pro.com/blog/red5-marked-safe-from-log4j-and-log4j2-zero-day/
RedHat : https://access.redhat.com/security/cve/cve-2021-44228
RunDeck by PagerDuty : https://docs.rundeck.com/docs/history/CVEs/
Rubrik : https://support.rubrik.com/s/announcementdetail?Id=a406f000001PwOcAAK
S
Salesforce : https://help.salesforce.com/s/articleView?id=000363736&type=1
Security Onion : https://blog.securityonion.net/2021/12/security-onion-2390-20211210-hotfix-now.html
ServiceNow : https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1000959
Sesam Info : https://twitter.com/sesam_info/status/1469711992122486791
Shibboleth : http://shibboleth.net/pipermail/announce/2021-December/000253.html
SLF4J : http://slf4j.org/log4shell.html
SmileCDR : https://www.smilecdr.com/our-blog/a-statement-on-log4shell-cve-2021-44228
Sophos : https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce
SonarSource : https://community.sonarsource.com/t/sonarqube-and-the-log4j-vulnerability/54721
SonicWall : https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032
Spring Boot : https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot
SUSE : https://www.suse.com/security/cve/CVE-2021-44228.html
Sterling Order IBM : https://www.ibm.com/support/pages/node/6525544
Synopsys : https://community.synopsys.com/s/article/SIG-Security-Advisory-for-Apache-Log4J2-CVE-2021-44228
T
Talend : https://jira.talendforge.org/browse/TCOMP-2054
Tanium : https://community.tanium.com/s/article/How-Tanium-Can-Help-with-CVE-2021-44228-Log4Shell
TrendMicro : https://success.trendmicro.com/solution/000289940
U
Ubiquiti-UniFi-UI : https://community.ui.com/releases/UniFi-Network-Application-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1
USSIGNAL MSP : https://ussignal.com/blog/apache-log4j-vulnerability
V
Vespa ENGINE : https://github.com/vespa-engine/blog/blob/f281ce4399ed3e97b4fed32fcc36f9ba4b17b1e2/_posts/2021-12-10-log4j-vulnerability.md
VMware : https://www.vmware.com/security/advisories/VMSA-2021-0028.html
W
Wallarm : https://lab.wallarm.com/cve-2021-44228-mitigation-update/
WatchGuard / Secplicity / https://www.secplicity.org/2021/12/10/critical-rce-vulnerability-in-log4js/
Wowza : https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve
WSO2 : https://github.com/wso2/security-tools/pull/169
X
XCP-ng : https://xcp-ng.org/forum/topic/5315/log4j-vulnerability-impact
Y
Z
ZAMMAD : https://community.zammad.org/t/cve-2021-44228-elasticsearch-users-be-aware/8256
Zaproxy : https://www.zaproxy.org/blog/2021-12-10-zap-and-log4shell/
Zesty : https://www.zesty.io/mindshare/company-announcements/log4j-exploit/
'IT관련지식' 카테고리의 다른 글
| PC 켤때마다 F1키 누르라는 메세지가 뜨면? (0) | 2024.02.01 |
|---|---|
| Rufus를 활용하여 부팅 외장하드 만들기 (0) | 2023.01.27 |
| Windows11 공식출시 (21년 10월 5일) (0) | 2021.10.15 |
| 새로운 노트북 구입(17.3인치) (0) | 2021.07.23 |
| Windows7, Windows8 차세대 Windows11 무료 업글 (펌) (0) | 2021.07.08 |
댓글