Log4shell - Five Eyes published a scanner for everyone

Sun, 26 Dec 2021 10:42:00 Dan

Log4shell

As you may have heard, since December 9 there has been a severe vulnerability called Log4shell (along with other Log4j-related vulnerabilities) that affects a wide range of Java applications. The affected library and versions are given as "Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI".

Scanners

Five Eyes

The Five Eyes have published a scanner that is basically a combination of other software with slight changes. In their words:

As many in industry, we did not feel the need to "re-invent the wheel". This recommended scanning solution is derived from the great work of others (with slight modifications). We've included two additional projects to avoid using third-parties.

Everything is open sourced at https://github.com/cisagov/log4j-scanner
Check your services if you can.

Anchore

There are also syft and grype, provided by Anchore.

Grafana's Loki

We use Loki from Grafana, which can be a very fast solution for identifying services with Log4j.
Just search your logs with the regular expressions jndi and (?i)log4j.
See Grafana's statement.
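To show what those two expressions do and do not catch, here is an added example (not from the original post or from Grafana) that applies them to constructed log lines the way a Loki regex line filter would. The service names, log lines and the scan/report helpers are assumptions made for illustration.

```python
import re
from collections import defaultdict

# The two expressions from the post. Loki's `|~` line filter is an unanchored
# regex match, which re.search() reproduces; (?i) means case-insensitive.
PATTERNS = {"jndi": re.compile(r"jndi"), "log4j": re.compile(r"(?i)log4j")}

# Constructed sample: (service label, log line). Names and lines are made up.
SAMPLE_LOGS = [
    ("billing-api", "INFO  loaded /opt/app/lib/log4j-core-2.14.1.jar"),
    ("billing-api", "WARN  bad header X-Api-Version: ${jndi:<redacted>}"),
    ("search", "INFO  org.apache.logging.Log4J2 configuration found"),
    ("portal", "INFO  bound datasource jndi-name=java:comp/env/jdbc/app"),
    ("portal", "INFO  JNDI context initialised"),
    ("static-web", "INFO  GET /index.html 200"),
]


def scan(logs):
    """Return {pattern name: {service: [matching lines]}}."""
    hits = {name: defaultdict(list) for name in PATTERNS}
    for service, line in logs:
        for name, rx in PATTERNS.items():
            if rx.search(line):
                hits[name][service].append(line)
    return hits


def report(logs):
    """Split services into 'mentions Log4j' and 'jndi string seen'."""
    hits = scan(logs)
    return {
        "uses_log4j": sorted(hits["log4j"]),
        "jndi_seen": sorted(hits["jndi"]),
        # Highest priority: a jndi string logged by a service that also
        # shows Log4j on its classpath or in its own log output.
        "review_first": sorted(set(hits["log4j"]) & set(hits["jndi"])),
    }


if __name__ == "__main__":
    for key, services in report(SAMPLE_LOGS).items():
        print(f"{key}: {', '.join(services) or '-'}")
```

In this sample the jndi expression also matches a harmless data source line from "portal" and, being case-sensitive, skips the upper-case "JNDI" line, so every hit still needs a manual look.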

Update your devices

If you have to wait for updates from hosters etc., check their news to see whether they are affected at all and whether they have already patched the vulnerability. Our services are not affected.
Also update your devices (phones, laptops/desktops, servers, IoT...) as soon as possible, ideally right now. You should be doing this regularly anyway, and now more than ever.
There is a list that shows which software is affected or has a patch already available.
Check it out.

How to

If you need help checking your software, we have a quick guide for the community. Otherwise, contact us via email etc.

Stay safe - in real and virtual life

About the author


Dan


I'm a long-time user and enthusiast of open source software and espouse the philosophy that software code should be open (readable), so that everyone can see what happens behind the scenes while we use our electronic devices every day.