Log4J Exploit
Anyone seen much of this?
CPanel seem to be talking about it, but I can’t see anything on
https://forums.cpanel.net/threads/log4j-cve-2021-44228-does-it-affect-cpanel.696249/
I also heard Apache released an update
https://logging.apache.org/log4j/2.x/security.html
Comments
DirectAdmin doesn't use Log4j anywhere, so there is nothing for us to announce or fix.
The funny thing is that Minecraft servers are vulnerable
What is new in 1.63.3?
There is no information at directadmin.com/versions.php.
https://docs.directadmin.com/changelog/version-1.63.3.html
Smells like @DA_Mark needs a redirect
Francisco
@DA_Mark
Thanks for the update, any news when the DA installer will be fixed please?
Third place I've seen this tonight. Never in my life heard of log4j. Feels like the notices outweigh the installs 😂
Guess you've never heard of left-pad then?
It's one of those libraries that's used by a lot of stuff I think. When scanning for this at work yesterday we think we've found it tucked away in Nutch - fortunately looks like it's the unaffected 1.2 version.
Possible if you never worked in "enterprise" IT. A lot is still Java and I never encountered a Java application that doesn't use log4j.
Oh. You will be surprised...
That so many enterprise Java applications scaled to 1000s of customers had logging via System.out.println is mind-boggling...
They are laughing now.... for not using log4j
Backblaze took their services offline last night to address this. 7+ hours downtime, and no notification to the customers... boooooooooo
O really? That sux... at least if the downtime is related to this fix, it will be good in the end
They did post on Twitter
Haha yeah it's a popular library though that handles logging. I've used it in a webapp I built. It's pretty decent at what it does.
It’s in fucking Solr and the npm JSS Proxy too. Bang goes my weekend.
https://tomshardware.com/news/hacker-hijacks-hp-epyc-servers-raptoreum-crypto-mining