Security

Summary of log4j shell (Log4Shell) information

Dragonfog.net 2021. 12. 13. 11:53

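The log4j vulnerability, also known as Log4Shell, is what is called a 0-day vulnerability. A 0-day vulnerability is one that attackers found before the developers did, so by the time the vulnerability becomes known it may already be too late.

For developers, a 0-day vulnerability means an emergency patch is required, and it is a 24/7 emergency until the patch is complete.

Systems and logs must be analyzed, starting from the time the vulnerability was released, to determine whether an attack has taken place.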

 

1. If the log4j version is 2.10.0 or later, the following temporary mitigation is possible

Set "log4j2.formatMsgNoLookups" to "true"
-Dlog4j2.formatMsgNoLookups=true
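
To decide where step 1 applies, the following shell functions find `log4j-core-*.jar` files by name and check each version against the 2.10.0 threshold above. This is an added example, not code from the original post or from the Log4j project; the function names and status labels are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post: find log4j-core jars by file name
# and report whether the step 1 flag applies (threshold from the post: 2.10.0).
# Function names and status labels are made up for this example.
# Limitation: jars nested inside fat jars or WAR files are not found by name.

# Print the version embedded in a log4j-core jar file name, or fail.
log4j_version_from_jar() {
    v_name=$(basename "$1")
    case "$v_name" in
        log4j-core-[0-9]*.jar) ;;
        *) return 1 ;;
    esac
    v_name=${v_name#log4j-core-}
    printf '%s\n' "${v_name%.jar}"
}

# Succeed if the version is 2.10.0 or later (also handles "2.8", "2.0-beta9").
flag_supported() {
    f_major=${1%%.*}
    case "$1" in
        *.*) f_rest=${1#*.} ;;
        *)   f_rest=0 ;;
    esac
    f_minor=${f_rest%%[!0-9]*}
    case "$f_major" in ''|*[!0-9]*) return 1 ;; esac
    [ -n "$f_minor" ] || f_minor=0
    [ "$f_major" -gt 2 ] && return 0
    [ "$f_major" -eq 2 ] && [ "$f_minor" -ge 10 ]
}

# Print "<status> <version> <path>" for each log4j-core jar under directory $1.
triage_dir() {
    find "$1" -type f -name 'log4j-core-*.jar' | sort | while IFS= read -r t_jar; do
        t_ver=$(log4j_version_from_jar "$t_jar") || continue
        if flag_supported "$t_ver"; then
            printf 'FLAG_APPLIES %s %s\n' "$t_ver" "$t_jar"
        else
            printf 'FLAG_NOT_APPLICABLE %s %s\n' "$t_ver" "$t_jar"
        fi
    done
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then triage_dir "$1"; fi
```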

 

2. Version update

https://logging.apache.org/log4j/2.x/download.html

 

3. Summary of response guidance

. KISA

https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=36389 

 

KISA Boho Nara (Internet Protection Nara) & KrCERT

. AWS

https://aws.amazon.com/ko/security/security-bulletins/AWS-2021-005/?fbclid=IwAR0AiIdzQO2DT_jsEdICxHtFbjE0acnc3aks40mcU9cR3vZSc5Bc_EhJhcE 

 

Apache Log4j2 Security Bulletin (CVE-2021-44228)

Initial Publication Date: 2021/12/10 7:20 PM PDT AWS is aware of the recently disclosed security issue relating to the open-source Apache “Log4j2" utility (CVE-2021-44228). We are actively monitoring this issue, and are working on addressing it for any A


. VMWARE

https://www.vmware.com/security/advisories/VMSA-2021-0028.html

. ORACLE

https://www.oracle.com/security-alerts/alert-cve-2021-44228.html

. fastly

https://www.fastly.com/blog/digging-deeper-into-log4shell-0day-rce-exploit-found-in-log4j

 

Digging deeper into Log4Shell - 0Day RCE exploit found in Log4j

CVE-2021-44228 is a Remote Code Execution vulnerability in the Apache Log4j library being actively exploited. We provide our observations into the exploit and a summary of its impact.


https://www.pcmag.com/news/countless-serves-are-vulnerable-to-apache-log4j-zero-day-exploit

 

Countless Servers Are Vulnerable to Apache Log4j Zero-Day Exploit

The vulnerability allows remote code execution on servers, including those operated by Apple, Twitter, Valve, Tencent, and other major service providers.


 

4. Vulnerability testing

. Log4ShellScanner

https://github.com/mwarnerblu/Log4ShellScanner

 

GitHub - mwarnerblu/Log4ShellScanner: Scans and catches callbacks of systems that are impacted by Log4J Log4Shell vulnerability


. exploit

https://www.lunasec.io/docs/blog/log4j-zero-day/

 

Log4Shell: RCE 0-day exploit found in log4j 2, a popular Java logging package | LunaSec

Given how ubiquitous log4j is, the impact of this vulnerability is quite severe. Learn how to patch it, why it's bad, and more in this post.


. curl test

https://gist.github.com/nathanqthai/01808c569903f41a52e7e7b575caa890

 

GreyNoise Log4Shell Payloads


. log pattern

https://www.picussecurity.com/resource/blog/simulating-and-preventing-cve-2021-44228-apache-log4j-rce-exploits

 

Simulating and Preventing CVE-2021-44228 Apache Log4j RCE Exploits

Picus platform is updated for attacks that exploit CVE-2021-44228 Remote Code Execution (RCE) vulnerability affecting Apache Log4j Java logging library.


. log check

https://github.com/YfryTchsGD/Log4jAttackSurface

 

GitHub - YfryTchsGD/Log4jAttackSurface


 
