Hi,
A zero-day vulnerability (CVE-2021-44228) publicly released on 9 December 2021, known as Log4j or Log4Shell, is actively being targeted in the wild.
Need confirmation whether eve-ng could be affected by this or not?
A quick response is highly appreciated.
Many Thanks,
Manohar
Eve-ng is affected by Log4j vulnerability or not?
Moderator: mike
-
mnhr.jha
- Posts: 1
- Joined: Mon Dec 13, 2021 2:00 pm
-
Uldis (UD)
- Posts: 5180
- Joined: Wed Mar 15, 2017 4:44 pm
- Location: London
- Contact:
Re: Eve-ng is affected by Log4j vulnerability or not?
No,
Eve does not use log4j at all
Guacamole use Logback (http://logback.qos.ch/ )
For guacamole package, don’t panic.
Here the issue description
Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled
Eve do not use such and no user have any control of any ldap server.
This mean the vector attack is not present on EVE-NG
Eve does not use log4j at all
Guacamole use Logback (http://logback.qos.ch/ )
For guacamole package, don’t panic.
Here the issue description
Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled
Eve do not use such and no user have any control of any ldap server.
This mean the vector attack is not present on EVE-NG