Support and News Forum


https://www.eve-ng.net/forum/

Eve-ng is affected by Log4j vulnerability or not?

https://www.eve-ng.net/forum/viewtopic.php?f=3&t=19534

Page 1 of 1

Eve-ng is affected by Log4j vulnerability or not?

Posted: Mon Dec 13, 2021 2:06 pm
by mnhr.jha
Hi,

A zero-day vulnerability (CVE-2021-44228) publicly released on 9 December 2021, known as Log4j or Log4Shell, is actively being targeted in the wild.

Need confirmation whether eve-ng could be affected by this or not?

A quick response is highly appreciated.

Many Thanks,
Manohar

Re: Eve-ng is affected by Log4j vulnerability or not?

Posted: Wed Dec 15, 2021 9:36 am
by Uldis (UD)
No,
Eve does not use log4j at all

Guacamole use Logback (http://logback.qos.ch/ )

For guacamole package, don’t panic.

Here the issue description

Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled

Eve do not use such and no user have any control of any ldap server.

This mean the vector attack is not present on EVE-NG
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/