Page 1 of 1
Log4j exploit
Posted: 12 Dec 2021 23:50
by Hendrik
Hi,
Since I cannot find anything about the Log4j exploit on the forum yet, I thought I might start a post.
Is the efa project affected by this exploit? And if so, what parts?
Kind regards,
Hendrik
Re: Log4j exploit
Posted: 14 Dec 2021 01:16
by chrisbruce
I would also like to know the answer to this. Thanks all.
Re: Log4j exploit
Posted: 14 Dec 2021 18:34
by chrisbruce
Hello All,
My anecdotal evidence is showing that there is no presence of Log4j in EFA. I am running 4.0.4
I ran all these commands to search for the presence of Log4j and all commands returned nothing/no-presence.
Presence of Log4j:
sudo grep -r --include "*.jar" JndiLookup.class /
sudo find / -name log4j-core-*.jar
sudo locate log4j|grep -v log4js
Detection of exploitation attempts of the vulnerability in your logs:
sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
Someone please double check this!
TY,
ChrisBruce
Re: Log4j exploit
Posted: 14 Dec 2021 20:41
by shawniverson
No Java in use on eFa. It is primarily PHP and perl, with some compiled things in C and a sprinkle of bash scripting. In other words, 100% decaffeinated.
Re: Log4j exploit
Posted: 14 Dec 2021 21:21
by The_Penguin
Excellent! Thanks for confirming.
Re: Log4j exploit
Posted: 16 Dec 2021 13:48
by bas60
what about EFA3??
anyone know ?
Not had chance, I have plan to replace with EFA4 over Christmas
Re: Log4j exploit
Posted: 18 Mar 2022 04:49
by pdwalker
EFA3 used even less JAVA, so unless you've installed JAVA in your V3 vm, you're all good.