What is Log4j Vulnerability and how dangerous is it

What is a Software Vulnerability?

A software vulnerability is a defect in software that could allow an attacker to gain control of a system. These defects can be because of the way the software is designed, or because of a flaw in the way that its coded.

How Does a Software Vulnerability Work?

An attacker first finds out if a system has a software vulnerability by scanning it. The scan can tell the attacker what types of software are on the system, are they up to date, and whether any of the software packages are vulnerable. When the attacker finds that out, he or she will have a better idea of what types of attacks to launch against the system. A successful attack would result in the attacker being able to run malicious commands on the target system.

What Can an Attacker Do with a Software Vulnerability?

An attacker can exploit a software vulnerability to steal or manipulate sensitive data, join a system to a botnet, install a backdoor, or plant other types of malware. Also, after penetrating into one network host, the attacker could use that host to break into other hosts on the same network.

Here is a full video which based on Log4J

What is Log4j?

Modern software can be large, powerful, and complex. Rather than a single author writing all the code themselves as was common decades ago, modern software creation will have large teams, and that software is increasingly made out of building blocks pulled together by the team rather than entirely written from scratch.

A team is unlikely to spend weeks writing new code when they can use existing code immediately.

Log4j is one of the many building blocks that are used in the creation of modern software. It is used by many organizations to do a common but vital job. We call this a software library.

Log4j is used by developers to keep track of what happens in their software applications or online services. Its basically a huge journal of the activity of a system or application. This activity is called logging and its used by developers to keep an eye out for problems for users.

Whats the issue?

Last week, a vulnerability was found in Log4j, an open-source logging library commonly used by apps and services across the internet. If left unfixed, attackers can break into systems, steal passwords and logins, extract data, and infect networks with malicious software.
Log4j is used worldwide across software applications and online services, and the vulnerability requires very little expertise to exploit. This makes Log4shell potentially the most severe computer vulnerability in years.

Who is affected by this?

Almost all software will have some form of ability to log (for development, operational and security purposes), and Log4j is a very common component used for this.
For individuals, Log4j is almost certainly part of the devices and services you use online every day. The best thing you can do to protect yourself is make sure your devices and apps are as up to date as possible and continue to update them regularly, particularly over the next few weeks.
For organizations, it may not be immediately clear that your web servers, web applications, network devices and other software and hardware use Log4j. This makes it all the more critical for every organization to pay attention to our advice, and that of your software vendors, and make necessary mitigations.

What else can we do?

• Check your systems for the use of Log4j
• Check the list of the vulnerable software
• Contact software vendors
• Set Web Application Firewall rules
• Check for scanning activity
• Check for exploitation
• Sign up for the NCSCs Early Warning
• See the vulnerability alert for more technical detail on these steps.

WANT TO LEARN MORE?
Full Terraform tutorial https://bit.ly/2GwK8V2
DevOps Tools, like Ansible https://bit.ly/3iASHuP
Docker Tutorial https://bit.ly/3iAT9Jx
AWS Tutorial https://bit.ly/3iAT9Jx